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Dear Evaluator, 


First, thank you for taking the time to evaluate Qualys Cloud Platform, an integrated suite 
of security and compliance applications. Today you must do everything to protect your 
network from the myriad of new threats, discovered almost every day, and meet 
compliance. Although you need to fully evaluate a solution for your enterprise time is not 
on your side. You need a solution now and your risk increases every day you wait. We have 
produced this Evaluator’s Guide to help you use your time more efficiently. 


Toward that end, we had several objectives for this document. One was for it to be 
reasonably concise. In addition, it had to be structured to enable you to apply the primary 
functions - mapping, scanning, reporting, remediation, and policy compliance - while 
offering you the option to explore deeper into sub-functions. 


The Evaluator’s Guide helps you test the product highlights without limiting your options. 
We urge you to apply Qualys to a network of your choice. That is the only way to get a true 
sense of its capabilities. For demonstration purposes, Qualys has an Internet facing 
network with a handful of IP addresses that you may want to scan first before scanning 
your chosen network. Please feel free to do that. We will be happy to provide you with the 
current IP addresses. 


At various steps in the Evaluator’s Guide, you will see procedures and screen shots designed 
to simplify every aspect from authentication to remediation. Also there will be references 
to sections in the online help, which is available from every location in the user interface, 
for more details. 


One of the biggest hurdles in using an enterprise information security management 
solution is the installation and deployment. With Qualys, this is eliminated. You interact 
with the solution using a Web browser that allows you to log onto Qualys to start the 
mapping, scanning, reporting, remediation, and policy compliance processes. 


Should you have any questions during this process please contact your Qualys 
representative or Qualys Support at www.qualys.com/support/. 


Again, thank you for evaluating the Qualys Cloud Platform. 


Sincerely, 


Qualys, Inc. 
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Getting Started 


All of your interactions with the Qualys solution will be through the Secure Internet 
Interface. After registration for the trial, you will receive an email with a secure link toa 
user name and password and login URL. This is a one-time-only link. Once you have 
connected to the Web page, neither you nor anyone else can do so a second time. This 
protects you in the event someone intercepts your email. Your login is fixed and assigned 
by Qualys. Your password is a randomly generated “strong” password to begin and you 
may change it at any time. 


To log in to the Qualys user interface, go to your account registration email and click the 
login URL link. 


Key Features of the Ul 


Let’s take a quick look at the Qualys user interface and some of its key features. 


Security and Compliance Suite 


VMDR DASHBOARD VULNERAT 


Our integrated suite of solutions is presented in a single view. 
Simply choose the solution you're interested in from the a 
module picker and get started right away. See an example of VIP 22tec% prioritize and remediate wineries, and 
the picker to the nght. 


INFRASTRUCTURE SECURITY (7) 


Continuous Monitoring 
LOE Set up monitoring and alerting of new security risks 


Container Security 


Easy Navigation 


CH 
n 


AssetView (Legacy) 
A Asset Management, Tagging, and Search 


Discover, track, and continuously protect Containers 
3 = ad H 
Once you've selected the application you want, you'll see menu | eem 
S f é curity, continuous monitoring for Mobile 
options across the top of the screen representing the main Deea are ba for omera 
d 4 S = z Threat Protection 
sections of the application. Each section provides workflows EE do or xing uge 
specific to the application. Cloudview 
Monitor changes on cloud platforms 
VMOR ` v~ Industrial Control System BETA 
IECH Get real time visibility of critical industrial assets and 
Dashboard Vulnerabilities Prioritization Scans Reports Remediation Assets KnowledgeBase Users manage their vulnerabilities. 
ASSET MANAGEMENT (3) 
(3) EG Scans Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 
en v) { Search] (Fiers ze CyberSecurity Asset Management 
ent [Sem te. Identify security gaps and manage asset health across 
E SS your hybrid IT environment 
FA Global Asset 
EE Sc Maintain full ir ty of all your global IT 
] @ 10.10.10.2-10.10.10.100 10.10.10.2-10.10.10.100 sets (Former al IT Asset Inventory) 


IT OPERATIONS (2) 
Interactive Filters with Visual Feedback 


Patch Management 
Deploy patches to your systems 


Secure Access Control 
EI Network containment for your vulnerable, affected and 
non-compliant assets 


SECURITY OPERATIONS (1) 


Use filters to change your data list view. 


Maps Authentication Search Lists 


Schedules Appliances Option Profiles 


New v | | Geschl Fites v 


Processing Tasks 

Title Te ts 

by Endpoint Detection and Response 

10.10.10.11 EDR Malware Detection, Th reat deg ting, Incident 
investigation and Respon: 


My Scans 
Vulnerability Scans 
EC2 Scans 


E @ Smal Scan 


@ 10.10.10.2-10.10.10.100 10.10.10.2-10.10.10.100 


COMPLIANCE (5) 
Out-of-Band Configuration Assessment 
WH Extend security and compliance to inaccessible assets 


Web Malware Detection 
Scan and Monitor Your Sites for Malware Infections 


Cloud Perimeter Scan 
Queued Scans 
Running Scans 
Paused Scans 
Canceled Scans 
Finished Scans 
Empty Results 
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Customize Your View 


You can hide columns, change the sorting criteria and specify the number of rows to 
appear in each list. To do so, use the Tools menu above the list, on the right side. 


©) Targets Sum 
[E Option Profile Sort By 
User Rows Shown 
17 Reference f fal 
Date 

[E Processing Priority 

Status 

Launched 


User Reference Date 


1-20f2 E LE m| 
» 
» 
» 


Patrick Slimmer scan/1586387185.44805 04/08/2020 


Patrick Slimmer scan/1584978315 06534 03/23/2020 


Actionable Menus 


Take actions on a single item using the Quick Actions menu. Place your mouse cursor over 
the data list row to see the drop-down arrow. Then click the arrow to see the possible 
actions you can take. For example, view or download scan results for a finished scan. 


Maps Schedules Authentication 


[ser 
z 


Title 


Appliances Option Profiles Search Lists Setup 


© Small Scan 
| View 


] @ 10.10.10.2-10.10.10.100 
Download 


Relaunch 


Take actions on multiple items in a data list. Select the check box for each item in the data 
list your action applies to and then select an action from the Actions menu above the list. 
You'll notice that the Actions button displays the number of items that you’ve selected. 


Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 


‘Actions fi v 


Pause 


Targets 


Cancel 


10.10.10.11 


Delete 


10.10.10.2-10.10.10.100 


Clear Selections  D20.10.100 


Contextual Setup 


Setup options are available where you need them. For example, setup options affecting 
scans and scan results appear on the Setup tab in the Scans section. This means you don’t 
have to leave the Scans section to setup your configurations or set global scan options. 
The setup options available to you depend on your service level and subscription settings. 
The ability to edit setup options is determined by your role and permissions. 


$= Scans "Scans Maps Schedules Appliances Option Profiles Authentication Search Lists ici 


Storage 


Define how long you want to keep scan results in your 
account. 


Go> 


Scheduled Scans 


Define scheduling options. 


Excluded Hosts 


Configure a list of hosts which will not be scanned by 


Go> 


Agentless Tracking 


Accept Agentless Tracking in order to report on hosts 
by host ID. 


Go> 


Dissolvable Agent 


Accept Agent installation in order to conduct scans 
with certain capabilities on Windows devices 


Go> 


Scanner Trusted CA 


Manage a custom chain of trusted certificate 
authorities, 


PCI Account Links 


Add links to PCI accounts you want to share PCI 
scans with. 


Go> 


DNS Tracking 


Enable DNS Tracking for hosts when the DNS 
hostname is detected 
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Account Setup 


Now that you’re familiar with the user interface, let’s perform a few key tasks to setup 
your account. You'll need to install your scanner appliance, add domains for mapping, 

and add hosts (IP addresses) for scanning. We'll also look at how you can organize your 
assets and users. 


Installing Your Scanner Appliance 


By installing a scanner appliance within your network, you will have the ability to do 
vulnerability assessments for your entire network. We offer both physical appliances and 
virtual appliances for ease of integration with your network environment. The scanner 
appliance features a hardened OS kernel, is highly secure, and stores no data. It’s 
recommended best practice that you create dedicated user accounts for installing scanner 
appliances, so that changes in account status do not affect scanner appliance availability. 
For the purpose of this review, you will simply install your scanner appliance using the 
same login and password you are currently using. Go to VM/VMDR > Scans > Appliances 
to set up a 14 day trial of Qualys Virtual Scanner. 


Creating Network Domains 


Qualys uses a domains concept for its network mapping process. “Domain” in this context 
is our name for a DNS entry, for a netblock, or for a combination. 


To create such a domain, you select “Assets” on the top menu and then select the 
“Domains” tab. Go to New > Domains. Here you will specify a domain or a netblock of IPs. 
Once you have typed them into the New Domains pop-up, click “Add”. A notice will appear 
reminding you that you must have permission to discover (map) the specified domains 
and netblocks. Click “OK”. You will be returned to the domains list, and the added 
domains will now be shown. 


When specifying domains, you may add existing registered domain names recognizable by 
DNS servers on your network, such as “mycompany.com”. Also you have the option to add 
domain called “none” with netblocks (one or more IP addresses and IP ranges). 


a 
Qualys provides a demo domain called “qualys-test.com” for network mapping. This 
domain may already be in your account. If not you can add it yourself. Note that the 
devices in the demo domain reside in Qualys Security Operations Centers, so the Qualys 
Internet scanners can be used for mapping this domain. 


Adding Hosts for Scanning 


The service supports network scanning and compliance scanning. Host assets are the IP 
addresses in your account that may be used as scan targets. 


In preparation for network scanning, you need to tell us which IP addresses and/or ranges 
you wish to scan. Select “Assets” on the top menu and then select the “Host Assets” tab. 
Go to New > IP Tracked Hosts. 
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The New Hosts page will appear. In the section titled “Host IPs” enter the IPs for which you 
have permission to scan. You'll see the check box “Add to Policy Compliance Module” if 
the compliance module is enabled for your subscription. Select this check box if you want 
the new IPs to also be available for compliance scanning. At the bottom of the page, click 
the “Add” button. A notice appears asking you to verify that you are authorized to scan the 
IP addresses being added. Select “OK.” The host assets list will now return to your display, 
and the newly added hosts will be added to the list. 


How can I discover hosts? 


You can discover the devices on your network starting from a domain or netblock. Then 
add the IPs to your account using the workflow from the Map Results report. 


Tell me about tracking hosts by DNS and NetBIOS. 


You'll notice that you have the option to add hosts tracked by DNS and NetBIOS 
hostname, which allows for reporting host scan results in dynamic networking 
environments. For example, you may want to use DNS or NetBIOS hostname tracking if 
the hosts on your network are assigned IP addresses dynamically through DHCP. 


Tell me about support for virtual hosts. 


A virtual host is a single machine that acts like multiple systems, hosting more than one 
domain. For example, an ISP could use one server with IP address 194.55.109.1 to host two 
Web sites on the same port: www.merchantA.com and www.merchantB.com. To ensure 
that the scanning service analyzes all domains when the host is scanned, set up a virtual 
host configuration for this IP address and specify the port and fully-qualified domain 
names. Select the “Virtual Hosts” tab under “Assets”. Then go to New > Virtual Host to 
create a new virtual host configuration. 


Controlling Access to Assets 


You can control user access to assets (scanner appliances, domains and hosts) by 
organizing them into user-defined asset groups and then assigning these groups to users. 
This is how you limit users to certain assets in the subscription. 


Select “Asset Groups” under “Assets” to view your asset groups. Go to New > Asset Group 
to add a new asset group. Asset grouping offers great flexibility, allowing you to assign 
assets to multiple asset groups. 


VMDR v 


Dashboard Vulnerabilities Prioritization Scans Reports Remediation Cep Zrnummger Users 


(3) ECH Asset Groups Host Assets Asset Search Virtual Hosts Domains Applications Ports/Ser 
New v | | Search | | Fiters ze 
Title = IPs Domains 
AGI 40.10.10.2-10.10.10.100 


AG2 10.10.10.11-10.10.10.52 


To view information associated with an asset group, click anywhere in the data list row for 
the group you're interested in, then click the down arrow §§ that appears in the row to see 
the Quick Actions menu. Select “Info” from the Quick Actions menu. 
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You may wish to go one step further and organize asset groups into business units. This 
allows you to grant management responsibilities to dedicated Unit Managers. Unit 
Managers are tasked with overseeing assets and users within their respective business 
units. Business Units are managed in the “Users” section. 


Following is a typical example of how an enterprise might segregate their assets into user- 
defined business units: 


1. Start with all assets in 
the subscription. 


Subscription Assets 


IPs: 10.10.10.1-10.10.10.255, 64.41.134.59-64.41.134.61 
Domains: qualys-test.com, qualys.com 
Scanner Appliances: ca_scanner, ny_scanner, fr_scanner, de_scanner 


2. Split assets into | 


logical asset groups. 


Asset Group California Asset Group New York Asset Group France Asset Group Germany 


10.10.10.1-10.10.10.60 10.10.10.61-10,10.10.120 10.10.10.121-10.10.10.180 10.10.10.181-10.10.10.255 
64.41.134.59-64.41.134.61 qualys-test.com qualys.com qualys.com 
ca_scanner ny_scanner fr_scanner de_scanner 


| | | | 


3. (Optional) Organize 
asset groups into 
business units. 


France 
Germany 


User Management 


User management capabilities allow you to add multiple users with varying roles and 
privileges. Each user is assigned a pre-defined user role which determines what actions 
the user can take. The most privileged users are Managers - they have full privileges and 
access to all assets in the subscription. 


Managers and Unit Managers have the ability to manage assets and users. Managers have 
management authority for the subscription, while Unit Managers have management 
authority on an assigned business unit only. 


Scanners and Readers have limited rights on their assigned assets. Scanners can launch 
scans and run reports. Readers can run reports. 


Auditors have compliance management privileges. Auditors cannot run compliance scans, 
however they can define policies and run compliance reports. Auditors only have visibility 
into compliance data (not vulnerability data). This role is available when PC is enabled for 
the subscription. 
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A Remediation User has limited access to the UI and can access only remediation tickets 
and the vulnerability knowledgebase. Remediation users do not have any scanning or 
reporting privileges. A Manager can assign Business Unit and Asset Groups and also 
tickets generated by policy rules for assets (asset groups) to the Remediation User. 


A KnowledgeBase Only user has limited access to the UI. They can send and receive 
vulnerability notifications and view vulnerabilities in the KnowledgeBase. (This role is only 
available when this feature is enabled for your subscription. Only a Manager can assign 
this role.) 


A User Administrator user will only have access to users, assets groups, business units 
and distribution groups. Users with this role can create and edit all types of users, except 
other User Administrators. They can edit and delete Manager users as long as there is at 
least one Manager account remaining in the subscription. That means the User 
Administrator cannot delete the last Manager account and cannot change the role for the 
last Manager account. The User Administrator does not have permission to delete 
business units, distribution groups, or asset groups. 


Contacts have one permission only - to receive scan email notifications. 


A typical deployment will have multiple users with multiple business units as depicted in 
the following chart: 


Manager (*) Manager 
All assets All assets 


| Jeff 
Unit Manager CH 
Group F, G, H 


Sam 
Unit Manager 
Group F, G, H 


Lara 
Unit Manager CH 
Group A,B,C 


Bob 


ojo 
S 

S |S 
IS 
5 

a 

| j 


Q 
oO 
SS 
K 
> 
D 


The Qualys solution provides great flexibility in defining users, asset groups, and business 
units to reflect the organizational structure and business requirements for the enterprise. 


Note: For Express Lite accounts, you can add a total of 3 Manager users (no other user 
roles are available), and Business Units are not available. 
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Adding Users 


On the top menu, select “Users”. Then go to New > User. You can add users to your 
account, assign them roles, and associate them with business units. 


VMDR ze 


Dashboard Vulnerabilities Prioritization Scans Reports Remediation Assets Koomoapobase( User) 


eS Users Business Units Distribution Groups Activity Log Setup 


| New w || Search | | Fitters ze 


a Role Business Unit 
Hana Singh Scanner Europe 
James Kodiak * Unit Manager Europe 

J Patrick Slimmer * Manager Unassigned 


In the “General Information” section the account creator provides general user 
information like the user’s name, business title, and contact information. 


General Information 
Locale FirstName:* [Eq Address 1:* | 1600 Bridge Parkway 
User Role LastName:* [Marcos Address 2: | 2nd Floor 
Asset Groups Company: Qualys, Inc. City: * Redwood City 
Permissions Title: * IT Manager Country: * United States of America D 
Options Phone: * 650 801 6100 State: * Calfornia H 
Security Fax ZIP Code: 94065 
E-mail Address: * | emarcos@qualys.com External ID 


Cancel 


Save 


Go to “User Role” to assign a user role, access permissions and business unit. 


New User Launch Help x 


General information 
User Role 


Locale 
User Role: * 


User Role > 
Allow access to 


Permissions 


Unit Manager 


Wou ] API 


Business Unit: * West Coast 


New Business Unit 


Go to “Permissions” to assign permissions to the user. Different permissions appear for 
different user roles. The example below is for a Unit Manager role. 
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New User 


General Information 


Locale 


User Role 


Permissions > 


Launch Help 


Allow this user to pert 
[7] Manage VM module 


the following actions: 


E Create/edit remediation policy 
E Create/edit virtual hosts 
E Add assets 
Create option profiles 
© Purge host information/history 
E Create/edit authentication recordsivaults 
E Manage PC module 
AcceptReject exceptions 
Create/edit compliance policies 
Create User Defined Controls 
Update/Delete User Defined Controls 
E] Manage web applications 
Create web applications 
Manage virtual scanner appliances 
E] Manage offline scanner appliances 
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User Management 


Ax 


Select “Options” and you'll see several email notifications you can enable for the user. 


New User 


General Information 
Locale 

User Role 
Permissions 


Options > 


Security 


Now go to “Security” 


Launch Help 


Notification Options 


The following selections will configure when this user will receive notifications from Qualys and what they will 
receive them for. 
Latest Controls: 
Monthly ` Weekly Mons 

Latest Vulnerabilities: 

@ Weekly © Daily © None 
Scan Complete Notification: 

@on eon 
Scan Summary Notification (vulnerability scans only): 

@on@on 
Map Notification: 

@0n © of 
Report Notification: 

© All reports © My reports @ No notification 
Exception Notification: 

My exceptions ©) No notification 

Other Notifications: 

E] Scanner Appliance heartbeat check 
Ticket Notifications: 

[E Dally trouble tickets updates 


CR 


and you can select VIP two-factor authentication for the user, or 


enable SAML SSO for the user (when this option is enabled for your subscription). If both 
options are turned on, VIP will be ignored and SAML SSO will be used. (Tip: Managers can 
require VeriSign VIP or SAML SSO for all users by going to Users > Setup. For VeriSign VIP, 
select Security. For SAML SSO, select SAML SSO Setup.) 


New User 


General Information 


Launch Help 


VeriSign Identity Protection (VIP) 
LE Not Registered 


Verisign 
Identity 
Protection 


[E VIP two-factor authentication 


Note: This option enables VIP two-factor authentication for users to login into Qualys GUI. This 
setting impacts UI access only. 


SAML SSO 


@x 


Enable SAML SSO 
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About SAML SSO 


When SAML SSO is activated for a user account, the user will no longer log in to the 
service using their service credentials. Instead, users will click a link to enter a username 
and password to authenticate to their identity provider (IdP). Upon successful 
authentication, the IdP redirects to the service's Assertion Consumer Service URL, the 
service validates the contents of the response, resolves the usernames and starts the 
user’s session. 


The account must have these settings: 
1) SAML SSO must be enabled for your subscription by support or your account manager. 


2) The New Data Security Model must be accepted for the subscription. A Manager can opt 
in by going to Users > Setup > Security. 


How to enable SAML SSO for all new users 


Managers can go to Users > Setup > SAML SSO Setup and select the option “Enable SAML 
SSO for new users”. 


How to enable SAML SSO for select users 


Go to Users > Users and edit the user's account. You'll see the SAML SSO option in the 
Security section. 


About VeriSign VIP Support 


When VIP is enabled for a user, the user completes a two-part process to log in to our user 
interface. The user will enter login credentials (login name and password) followed by VIP 
credentials (VIP credential ID and one-time security code). 


Note - VIP two factor authentication impacts UI access only (not API access). 


How to enable VIP authentication for all new users 


Managers can go to Users > Setup > Security and select the option “Require VIP two-factor 
authentication for all users”. 


How to enable VIP authentication for select users 


If not enabled globally, a Manager can enable VIP authentication individually for specific 
users. Go to Users > User Accounts and edit the account you're interested in. Then select 
the option “VIP two-factor authentication” under Security. 


How to enable VIP authentication for yourself 


All users with login privileges can opt in for VIP authentication by registering their own 
VIP credential with our security service. Edit your own user account, go to the Security 
section and register your credential. 


| don’t have a VIP credential. How do I get one? 


You can get a credential from the VeriSign Identity Protection Center at: 
https://idprotect.vip.symantec.com or https://vip.symantec.com. Each VIP credential 
bears a credential ID and allows the user to generate one-time security codes as needed. 
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Controlling User Access to Apps 


You can grant a user’s account access to various apps on our Cloud Security Platform. 


Grant access to VM, PC, SCA 


(Managers) Edit a sub-user’s account to grant access to these apps: VM, PC, SCA. Select 
“Manage VM module” to grant access to VM, “Manage PC module” to grant access to PC or 
“Manage SCA module” to grant access to SCA. Only apps enabled in your subscription are 
available. Clear any of these options to take away access. 


Edit User EC Note -Depending on the 
user's role you may see 
additional permissions 


Rote Extended Permissions 


Locale Ww 
ÍZ] Manage VM module for h pp 
User Role [Z] Create/edit remediation policy O e ac a z 
El Create/edit virtual hosts 
Purge host information/history 
Options satele hentication record 


Wi Manage PC module 
Account Activity II AcceptReject exceptions 
E Create/edit compliance policies 
E Create User Defined Controls 


Seino [E Update/Delete User Defined Controls 
appl 
User Status Create web applications 
[Z] Manage virtual scanner appliances 
Manage offline scanner appliances 
E 


Grant access to other apps on our Cloud Security Platform 


(Managers) Use the Administration utility (last option in the app picker) to view and 
manage users and grant access to applications like WAS, WAF, CA, CM, SAQ, etc. On the 
User Management tab you’ll see the apps each user has access to. Access is role based. 


Administration {v 


Users Action Log 


E) User Management User Management Role Management Defaults 


‘earch for users by entering properties 


Users Breakdown: RESCH ` Acivicy 


e 0 

Total active users 100% 
Total users 2 
Use 2 
Bee 0 
Users pending activation 0 

` ` Username ^ Modules First Name Last Name Email A 
quays- CO a ee 

À CEE B eeaeneen ™ ke KE 
quays_ch 
aw J ca Tu [cw te] Christina Hans e 


Unassigned Business Unit 
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You're Now Ready 


Go to Users > Role Management to view, create, edit roles with various permissions and 
access. 


Administration { 


Users Action Log 


IAEE ler Ell Role Management RSC S 


earch for ro ntering properties 


Total used roles 9% 
Ps 


Total 


* Description Modules 
READER Read-Only User a 
[E SCANNER ‘Scanner User a 
[E] UNT MANAGER Unt Manager User famn an 


WAF Manager WAF Manager User 


You’re Now Ready 


At this point, you should have successfully obtained authorization, logged in, created 
domains for mapping, added hosts for scanning, and are ready to begin mapping and 
scanning. If any of the preceding steps failed to provide results similar to those in this 
setup section, please email or call Qualys Support before continuing. The sections to 


follow walk you through the primary functions of the Qualys solution, including mapping, 
scanning, reporting and remediation. 
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Running a Map 


Mapping Your Network 


Before you can map a portion of your network, you have to tell us how you would like it to 
perform that mapping. This is called a “Network Map Profile.” 


Under Scans, select the “Option Profiles” tab, and then go to New > Option Profile. A New 
Option Profile page will open. Give the new profile a title, such as “Network A Map”. 


Go to the “Map” section of the option profile. Scroll down to the Options section and make 
sure the “Perform Live Host Sweep” option is selected. This option will allow you to map a 
domain and identify hosts in the netblock. If you’re mapping an internal domain or 
internal IPs, then scroll up and select the option “Netblock Hosts only” for basic 
information gathering. Feel free later to try different selections for your map profile, but 
for now, select the “Save” button to save the option profile. 


Running a Map 


Now you're ready to run your first map. Select the “Maps” tab in the “Scans” section. The 
maps list appears. Go to New > Map. 


VMDR D | 


Dashboard Vulnerabilities Prioritization Scans Reports Remediation Assets KnowledgeBase Users 


3) Scans Scans Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 
Fesealealrees 


Map. 


Targets Launched User | 
‘Schedule Map. | 


S No map found matching your filters. Please modify your filters or launch a map. 
ema. 


Asset Group. 
Option Profile 
Download. 


The Launch Map pop-up appears, as shown below. 


Enter the name “First Map" in 


To iaunch a map select tne targets you wart discover nd spec the ma’ settings the “Title” field and select your 
new map profile (e.g. “Network 


General Information ` 


Give your map a name, select a scan profile (a default is selected for you with recommended settings), and choose a scanner from the Scanner Appliance menu 


Ge A Map”) from the “Option 
Ve Ge Profile” menu. 
Option Profile: Network A Map v BView 


The “Scanner Appliance” menu 


Target Domains 


Tel us when domains ang IPs to map. A separate map wi ve launched for each target appears when your account 
egen Ss Gus] th Select includes a scanner appliance. 
Assam gäe: Doma When present, select the name 
is of your scanner (required for 
Terrier (MAR ben mapping private use internal 
aaa IPs) or External for external 
scanners. 


Notification 


Send notification when this scan is finished 


Launch Cancel_ | 
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Mapping Your Network 
Map Results 


In the “Domains/Netblocks” field, enter the domain you already added or click the “Select” 
link to choose a domain from a list of domains in your account. In the example shown, the 
domain “qualys-test.com” is selected. (You can also map IP addresses and asset groups. 
See Map Targets to learn more.) Select “Launch” to start the map. 


The maps list is refreshed and your new map is shown with the status “Running”. When 
the mapping is complete, the status changes to “Finished.” Also, the Qualys service will 
send you a map summary email to the address with which you registered when the map 
summary notification option is enabled in your account. 


VMDR e EJ Help» Patrick Slimmer (quays_x149) ~ Logout 
Dashboard Vulnerabilities Prioritization Scans Reports Remediation Assets KnowledgeBase Users 
(3) Scans Scans Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 
[mew | {Search| pen 1-10f4 uy Ge 
Title Targets Launched User Reference Date + Status 


First Map qualys-test.com SI Patrick Slimmer map/1586451288.46486 04/09/2020 at 09:54:48 (GMT-0700) Finished 


Map Results 


On the maps list, click the data list row for your finished map and select the down arrow 
(© that appears in the row. Then select “View Report” from the Quick Actions menu. Your 
Map Results will appear online in an HTML report. The sample map below was generated 
for the “qualys-test” domain. At the top of the page is a Report Summary. Take a look at 
yours and note the information completeness. 


Map Results p 


File» View» Help~ 


Map Results April 09, 2020 
Patrick Slimmer Qualys 04/09/2020 at 10:32:52 (GMT-0700) 
quays_xt49 919 E Hillsdale Bivd, 4th Floor Sort By: IP Address 
Manager Foster City, California 94404 

United States of America 

Report Summary 
Domain: qualys-test.com 
Map: 

Type: On demand 

Status: Finished 

Title: First Map 

Launch Date: 04/09/2020 at 09:56:41 (GMT-0700) 


Reference: map/1586451288.46486 

Duration: NIA 

Total Hosts Found: 37 

Scanner Appliance: 10.11.48. 103 (Scanner 11.6.51-1, Vulnerability Signatures 2.4.775-5) 
Option Profile: Network A Map 


Results 


qualys-test.com (57) 


RS DNS NetBIOS Router os ASLN' 
> 10.1.1.1 ‘fw.qualys-test.com i Cisco IOS 12 =e 
> @ 10112 ws1.corp.qualys-test. com ws1w2k 10111 Windows 2000 L 
> B 10113 ws2.corp.qualy-test.com ws2w2k 10.111 Windows 2000 L 
> @ 10115 10.1.1.1 D-Link Wireless Access Point L 
> @ 10118 hplazerjet.corp.qualys-test.com 10.1141 HP JetDirect L 
> E 10.14.110 dhcp.corp.qualy-test com 104.44 Linux L 
> B 101111 app.corp.qualys-test.com APPW2K 10.1.11 Windows 2000 L 
> @ 1041.113 proxy.corp.qualys-test.com 10.111 Linux L 
> E 102115 WKT.-frcorp.qualys-test.com wk7w2k3 RAR: Windows 2003 Service Pack 2 L 
» O 102117 wk8.frcorp.qualys-test.com wkeVista 104.14 Windows Vista L = 
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Map Results 


Now scroll down the page to see the list of hosts discovered along with legend information 
that indicates “Approved,” “Scannable,” “Live,” and “Netblock.” This map was generated on 
the qualys-test domain for demonstration purposes. The discovered hosts were all live at 
the time of the scan but are not in the approved hosts list for the domain or in the 
domain’s associated netblock. Hosts are scannable when they are already in the user's 
account and available for scanning. Your map will have results specific to the domain that 
you mapped. 


Click the arrow ( p ) next to any host to view a list of open services on the host. The 
discovery method used to detect each service is listed along with the port the service was 
found to be running on (if available). 


The top of your report includes an Actions drop-down menu with powerful workflow 
options that allow you to select hosts in the results and do any of the following: add hosts 
to the subscription, add hosts to groups, remove hosts from groups, launch and schedule 
scans on hosts, edit hosts, purge host details, and approve hosts for the domain. 


Let’s add hosts from the map results to a new asset group for scanning. Hosts with the “S” 
indicator on the right-side legend are scannable, meaning that they already exist in your 
account. Select the check box next to each scannable host you want to add to the group. 
Then go to the Actions menu at the top of your report and select “Add to a new Asset 
Group” from the drop-down menu, and click “Apply”. On the New Asset Group page give 
your asset group a title, such as “First Asset Group.” You'll notice that the selected hosts 
are already assigned in the IPs section. The Business Info section is where you specify an 
impact level used to calculate business risk in scan status reports (automatic). The impact 
level “High” is assigned by default. Select “Save.” The new asset group is saved to your 
asset groups list and is available for mapping, scanning and reporting. We’ll reference this 
group in the next chapter when scanning for vulnerabilities. 


Viewing Map Results in Graphic Mode 


Now go to View > Graphic Mode from the menu at the top of your report. 


Map Results 


Filey Views Help» 
Expand All 


Actions up v | Apply 
Collapse All 


Graphic Mode 


Map Results April 09, 2020 
Patrick Slimmer Qualys 04/09/2020 at 10:32:52 (GMT-0700) 
quays_xt49 919 E Hillsdale Bivd, 4th Floor Sort By: IP Address 
Manager Foster City, California 94404 
United States of America 


Report Summary 
Domain: qualys-test.com 
Map 
Type: On demand 
Status: Finished 
Title First Map 


We will prepare a graphical representation of the map in a separate window. Following is 
an example. 
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Scheduling Maps 


Map Results: First Map ‘Tum help tips: On | Off Launch Help 


Domai: qualys-test.com 


Results are listed with the total number of findings = 
sorted by IP address. 


Total Hosts in Domain 
Zep @ e 
New Hosts A 
57 @o" en 
4) +: 28 D ` e 
New 57 Approved EN demott SS 
Ge www o 10.1.15 
ea Es o Q 
der H demo16 3 
emo03 
InNetblock @ Rogue (2) 
Q ā * Q = = 
Operating System Families es a KA fa 
demoda a 
SR e 9 Di Ki = 
= af ke 
= Se 9 o 
T wei wet 
Zei = Q o 2 
Windows ED Ô ug € Q demo3 demo3 E 
demot demos 


Other E Router EN 


gw-st (8) ‘ow-gva (8) 
demos 


® -E GI 8 
oes 


Click on any host in the map to see details in the Preview pane, as shown below. You'll see 
basic information on the discovered host, its OS, and how it was identified: 


Operating System Families ~ — 
4 = 0 Q : 
ami e ® 


2 
demos demo6 
em ep demo1 


> 


Windows E Auw € 
106.249 / demo8.sea.qualys-test.com 


Q 64.39.1 
Other ER Router E New | @ Live | @ Rogue 


NetBIOS: DEMO8.NON.COMP | Router 64.39.1061 | OS: Windows XP Service Pack 2-3 | Last scan: N/A (Not available to scan) 


Preview 


Discovery Method 
TCP PORT 135 TCPPORT 139 TCPPORT445 TCPRST UDPPORT137 DNS ICMP 


Looking for certain hosts? Easily search the results by IP address, hostname, or certain 
host attributes. Make selections in the Search field at the top or in the Summary pane on 
the left. 


Scheduling Maps 


In the previous instance, you ran a map on demand. You can also schedule maps, 
periodically, that require no human intervention. To schedule a map, select the 
“Schedules” tab under “Scans”. Then go to New > Schedule Map. Give the scheduling task a 
title, such as “First Map Schedule”. Your name should appear in the Task Owner field and 
the default option profile will appear in the Option Profile field. In the Target Domains 
section, specify your map target. Then go to the Scheduling section to pick the start date 
and time, duration, and any other options. Select “Launch Help” in the top right-hand 
corner for assistance with available settings. When finished, select “Save.” 


Now Qualys will repeat that map as scheduled, and each time it completes the map, it will 
send you a summary email with a secure link to the Map Results report. As you will see 
later, repeated mapping coupled with reporting on prior map results, a Manager can 
quickly see any changes to the domain due to any new or rogue devices. 
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Map Targets 


Map Targets 


Each time you launch or schedule a map, you specify one or more map targets in the 
Target Domains section. You may specify any combination of registered domains, IP 
addresses/ranges, and asset groups. When you select an asset group for the map target, 
you have the option to map the domains and/or the IPs defined in the asset group. 


When multiple map targets are submitted in a single map request, the service 
automatically produces multiple map reports. The service produces a separate map report 
for each registered domain and for each group of IPs. For example, if you enter 2 registered 
domains, then the service produces 2 map reports. If you enter 2 registered domains plus a 
range of IPs, then the service produces 3 map reports. All of the maps produced from a 
single request will share the same user-provided map title. The Targets column in your 
Maps list identifies the registered domain name or the IP addresses/ranges included in 
each map report. 


Mapping Summary 


Qualys supports both on demand and scheduled mapping. Mapping profiles allow you to 
tailor the discovery based on your selection of mapping criteria. All mappings initiate 
emails with result summaries and links to the saved Map Results information. 
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Scanning for Vulnerabilities 


As with mapping, scanning requires an option profile. You can create your own option 
profile, use the default profile, or select one from the library. The Qualys Library provides 
pre-configured option profiles designed specifically for vulnerability scanning. You can 
import these option profiles into your account and use as-is or edit them as required. 


Let’s create a new option profile. Go to “Scans” on the top menu and select the “Option 
Profiles” tab. Then go to New > Option Profile. 


a Scans ` Scans Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 


| New ze || Search || Fitters w 1-50f5 ev 


Option Profile... 
PCI Option Profile. 
® Standard | import from Library. default) Patrick Slimmer 07/07/2016 


O $ Type User a Modified 


Standard | Downbad. Patrick Slimmer 07/07/2016 
O © Standard 2008 SANS20 Options System 07/07/2016 
© Pa Payment Card Industry (PCI) Options System 07/07/2016 


O © Standard Qualys Top 20 Options System 07/07/2016 


The New Option Profile page appears. As you did with mapping, give the profile a name, 
such as “First Scan” and then select the “Set this as the default...scans” check box. 


New Option Profile Turn help tips: On | Off Launch Help 


| Scan Title: * First Scan 


Owner 


Map Patrick Slimmer (Manager: quays_ps39 ) |7 
Additional [F] Set this as the default option profile when launching maps and scans 


Make this a globally available option profile 


Restore Defaults | _ Save | SaveAs.. | _ Cancel 


Now go to the “Scans” section on the left to see available scan options. Keep all of the 
default scan options as is except scroll down to the “Authentication” section and select the 
“Windows” check box to enable Windows authentication. Select “Save” to save the new 
option profile. You will now be returned to the option profiles list, and the new default 
profile called “First Scan” will appear. 


The Windows Authentication feature enables Windows trusted scanning. Qualys supports 
trusted scanning for Windows, Unix, Oracle, Oracle Listener, SNMP, Cisco IOS, IBM DB2, 
VMware, MySQL and many more technologies. Refer to the online help and search for 
“authentication” to find all supported technologies. When authentication is enabled for 
your scans, we have the ability to gather more system intelligence on target hosts. 
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Starting a Scan 


Trusted scanning references user-defined authentication records in your account. Each 
record identifies authentication credentials to be used for authentication to certain hosts. 
For Windows authentication you may select local or domain authentication. For domain 
authentication Qualys provides methods for IP-based authentication and domain-based 
authentication. Trusted relationships are supported using both of these methods. 


If domain authentication will be used, please review our documentation for information 
on domain account requirements before you begin. Refer to the online help or download 
the document “Windows Trusted Scanning” from the Resources section (Help > Resources 
> Tips and Techniques). 


To add a Windows authentication record, select the “Authentication” tab under “Scans”. 
Then go to New > Windows Record. On the New Windows Record page, give the record a 
title. Under Login Credentials, select local or domain authentication. For domain 
authentication it’s recommended you select “NetBIOS, User-Selected IPs” for IP-based 
authentication and then enter the target domain name. For basic authentication, enter 
the user name and password for the Windows user account to be used. (Optionally, select 
“Authentication Vault” if the password for the Windows user account is stored in a third 
party authentication vault. You must already have a vault record defined in your account 
to use this option.) In the IPs section, under Available IPs, select the IPs/ranges to be 
scanned and click “Add”. Lastly, select “Save”. The authentication records list will appear 


and your new record will be listed. 


Starting a Scan 


Now you are ready to run your first scan. Go to the “Scans” tab and then go to New > Scan. 
The Launch Vulnerability Scan pop-up appears. 


Launch Vulnerability Scan Turn help tips: On| Off Launch Help 


General Information 


Give your scan a name, select a scan profile (a default is selected for you with recommended settings), and choose a scanner from the Scanner Appliance menu for internal 
scans, if visible. 


Title Internal Asset Scan 


Option Profile: * First Scan (default) *h Select 


E 


Scanner Appliance: Default 


Choose Target Hosts from 


Tell us which hosts (IP addresses) you want to scan. 
@ Assets Tags 


Asset Groups First Asset Group *k Select 


IPs/Ranges *h Select 


192.168.0.87-192.168.0.92, 192.168.0.200 


Exclude IPs/Ranges *k Select 


Notification 


[E Send notification when this scan is finished 


Enter a title for the scan (for example “Internal Asset Scan”) and make sure that the 
“Option Profile” field shows your new scan profile (for example “First Scan”). Note the 
service provides a variety of pre-configured option profiles to assist you with vulnerability 
scanning. You can import an option profile from the Library and apply it to the scan (and 
the imported profile will be saved in your account for future use). 


21 


Scanning for Vulnerabilities 
Starting a Scan 


Specify a target asset group (for example, “First Asset Group” created previously from your 
map results). You can also enter IPs or IP ranges in he “IPs/Ranges” field. 


You can also pick one or more scanner appliances for running the scan in the “Scanner 
Appliance” field, or let the system use the default scanner associated with the asset group 


that you are scanning. (Note: Ifyou are scanning the demo IPs, you must select External in 
this field.) 


Now, click “Launch”. 


Once the scan begins, you will see the Scan Status window which is updated every 60 
seconds with scan status information. You can move this window out of your way or close 
it. You can re-open the scan status at any time from the scans list. 


During the scan, you can view the scans list in the main window and see the scan task 
status. To take actions on a scan, click anywhere in the data list row and then click the 
down arrow that appears in the row to show the Quick Actions menu. 


(3) EICH Scans Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 


New ze || Search | | Filters ze 4-10f1 bk ev Gis 
E) Title Targets User Reference Date + Status 
ic} Ç; Internal Asset Scan EE: 10220 Patrick Slimmer ` scan/1467937794.13001 07/07/2016 Running PI 
| View 
Download 
Relaunch 
Pause/Resume 
Cancel 
Preview Actions "e 
Vulnerability Scan - Internal Asset Scan 
Target: 4 IP(s) 
Scan launched by Patrick Slimmer (quays_ps39) | Start: 07/07/2016 at 17:31:31 (GMT-0700) | Scan Running 
Summary Scanner(s) are actively running the scan 
Total Hosts Alive Total appliances used Aggregate Vulnerabilities View Summary 
Pending Pending Pending 


For a scan in progress you can cancel it to stop the scan job, and you can pause it to stop 
the scan job and resume it later. When you later resume a paused scan, the scan task will 


pick up where it left off. Select “View” to re-open the Scan Status window (see sample 
below). 


The “Relaunch” option allows you to re-start a previous scan using the previous scan’s 
settings. The service makes a best effort to recall the previous scan’s settings and prefill 
values as a convenience; the current date is appended to the previous scan’s title. 


A scan segment is the time when scanner(s) are actively scanning a scan job, or a part of it 


in the case of a paused scan. Only the time when the scanner(s) are performing a scan job 
is counted in the scan duration. 
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Scan Status 


Scan Status 


You can easily track a scan and its status by going to the scans list. The solid icon © tells 
you all scan results have been processed and these results are available for reporting. The 
next time you create a scan report (based on automatic data) the scan results from the 
scan will be included. Also you'll see the scan results throughout the application. 


($) EEN Scans Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 


New w {Search} | Fiters w 1-85 of a5 >. — EI 
@ Title Targets Option Profile User Reference Date = Processing Priority Status 
@ PWEB-18001-10.10.30.9-2 10.10.30.9 va_auth_op-1 POC manager scan/1519634850 42941 02/26/2018 Finished el a 
PWEB-18001-10.10.30.9-1 10.10.30.9 va_auth_op-1 POC manager scan/1519630084.42702 02/25/2018 Finished Pi 
@ flass c scan 10.10.24.10-10.10.24.255 My Option Profile POC manager scan/1516926850.24089 01/25/2018 Finished el 
€s) 
W E) |0.10.10.10-10.10.10.30 20180126 10.10.10 10-10.10.10.30 My Option Profile POC manager ‘scan/1516926037.24082 01/25/2018 Finished PI 
(Es) 
@ } 0.10.10 10-10.10.10.30 20180125 10.10.10.10-10.10.10.30 My Option Profile POC manager scan/1516922934.23968 01/25/2018 Finished el 
(es) 
o }a_ipv6_scan-1 2001:558:fe2 1-30: 162:150:58:171, My Option Profile POC manager scan/1516108516.17961 01/16/2018 Finished P 


2001:558-fe0 (ES) bs 


Preview Actions ze 


Vulnerability Scan - 10.10.10.10-10.10.10.30 20180126 


Target: 21 IP(s) 


5/2018 at 04:32:44 PM (GMT-0800)| Scan Finished (00:11:41) 


Total Hosts Alive Total appliances used Aggregate Vulnerabilities 
1 1 445 


ar O Guar 


1) Scan Status Icons. A solid icon (filled-in) means all results available for the scan have 
been processed, meaning the host scan data has been updated throughout your 
subscription, and the results are available for reporting. When a scan is finished and the 
results have been processed, you'll see ® When results processing is in progress, you'll 
see O. You can always mouse over an icon to see the scan status. 


2) Summary in the Preview Pane. The summary includes the number of hosts scanned and 
the number of appliances used and the number of vulnerabilities detected. A summary 
statement gives you the status of the scan and whether the results have been processed. 
Also, if your scan was interrupted or if there was a scan error, such as the scanner 
appliance was unavailable, then you'll see the error returned. 


3) View Summary. Click the link in the preview section to see the current status of the scan 
and details about scanner usage, including which scanners were used to scan target hosts. 
Click on the Scanners section and expand details for a scan segment to see which 
scanners (external scanners and/or scanner appliances) were used to scan hosts. (Note 
the Scanners section is only visible in accounts with New Scanner Services enabled.) 


4) View Results. Click the link in the preview section (or choose View from the Quick 
Actions menu). 


ico 


¥ E) 10.10.10.10-10.10.10.30 20180126 Quick Actions 10.30 My Option Profile POC manager 
Given D (€s) 
Download 
@ 10.10.10.10-10.10.10.30 20180125 ae ‘i 1.10.30 My Option Profile POC manager 
elaune! 
(ES) 
oO va_ipv6_scan-1 | 162:150:58:171 My Option Profile POC manager 


Dana ER gen ce 
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Scanning for Vulnerabilities 


Scan Results 


Scan results for completed scans are always available from the scans list. The top of the 
report shows a Report Summary with information about the scan task like the scan date, 


number of active hosts, the option profile used. Following the Report Summary 


Summary of Vulnerabilities. 


Scan Results = 


File+ Views Help~ 


Scan Results 


POC manager 
est Se 
Manager 


Report Summary 
Launch Date: 
Active Hosts: 

Total Hosts. 

Type: 

Status 

Reference: 
External Scanners 
Duration 
Authentication: 
Title 

Asset Groups: 
IPs: 

Excluded IPs 
Option Profile: 


Summary of Vulnerabilities 


=. 03/19/2018 at 02:14:42 PM (GMT-0700) 


8 


8 
8, Arkansas 88 
United States of America 


01/25/2018 at 04:20:37 PM (GMT-0800) 

1 
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On demand 

Finished 

scan/1516926037.24082 

10.11.51.105 (Scanner 9.9.13-1, Vulnerability Signatures 2.4.249-3) 
00:11:41 

Windows authentication was successful for 1 host 

10.10.10. 10-10.10.10.30 20180126 


10.10.10.10-10.10.10.30 


My Option Profile (ES) 


March 19, 2018 


is the 


Total 607 Security Risk (Avg): ISB 50 

[by Severity 

Severity Confirmed Potential Information Gathered Total 
5 126 2 H 128 
4 221 1 H 222 
3 75 2 13 e0 
2 13 3 53 EI 
1 1 1 EI Ei 

Total 436 9 162 607 

[5 Biggest Categories 

Category Confirmed Potential Information Gathered Total 

Windows 281 5 28 314 

Local 115 2 1 118 

Security Policy 7 1 ei 6° 

Information gathering H 1 35 36 

Internet Explorer 17 H 0 17 

Total 420 H 125 554 
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Scan Results 


Scrolling down, you will see graphs displaying the total number of vulnerabilities by 
severity, the operating systems detected and the services detected. 


Vulnerabilities by Severity 


; Severity Level 
221 4 126 Severity 5 
19 | 221 Severity 4 
177 y 75 Severity 3 
155V | 13 Severity 2 
el G1 Severity a _ 

} 436 Total 
GI 
eu 
45 
237 

ben E 
4 3 2 1 


Severity Level 


000088 


Vulnerabilities 
H 
E 


Operating Systems Detected 


| — 1 Windows Server 2008 R2 Enterprise 64 bit Edit. 


K 3 


11 msrpc 
2 http 
1 netbios ns 

1 win remote desktop over ssl 

1 Microsoft Message Queue Server 
1 DCERPC Endpoint Mapper 

1 microsoft-ds 


vr 


Then what follows are detailed results sorted by host and characterized by operating 
system. Detailed results for your internal hosts will be shown in this section of the report. 
The sample detailed results section below shows there were 436 confirmed vulnerabilities 
for IP address 10.10.10.11 running Windows Server 2008 R2 Enterprise 64 bit Edition 
Service Pack 1. 
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Scan Results 


f you click on the title of a vulnerability, you’ll see a comprehensive description of the 
vulnerability, including threat, impact, verified solution . 


Detailed Results 


w 10.10.10.11 (2k8r2-u-10-11, 2K8R2-U-10-11) Windows Server 2008 R2 Enterprise 64 bit Edition Service Pack 1 
cpe:/o:microsoft:windows_server_2008:r2:sp1:enterprise_x64: 


w Vulnerabilities (436) BE 
> MM 5 Microsoft OpenType Compact Font Format (CFF) Driver Remote Code Execution Vulnerability (MS11-007) 
> MIM 5 Microsoft Windows Cumulative Security Update of ActiveX Kill Bits (MS11-027) 
> IMM 5 Microsoft NET Framework Remote Code Execution Vulnerability (MS11-028) 

v BEE 5 Microsoft OpenType Compact Font Format (CFF) Driver Remote Code Execution Vulnerability (MS11-032) 
op: e0607 


Category: Windows 
CVE ID: CVE-2011-0034 
Vendor Reference MS11-032 
Bugtraq ID: - 

Service Modified: 05/06/2011 
User Modified: 

Edited: No 

PCI Vuln: Yes 

THREAT: 


Microsoft OpenType is a font format developed jointly by Microsoft and Adobe as an extension of Apple's TrueType font format. An OpenType CFF font is an OpenType font that contains 
PostScript Type 1 outlines. OpenType fonts can contain either PostScript Type 1 or TrueType outlines. 

A remote code execution vulnerability exists in the way that the OpenType Font (OTF) driver improperly parses specially crafted OpenType fonts. (CVE-2011-0024) 

Microsoft has released an update that addresses the vulnerabilitiy by correcting the manner in which the OpenType Font (OTF) driver parses a specially crafted OpenType font. 

This security update is rated Critical for all supported editions of Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2. This security update is also rated 
Important for all supported editions of Windows XP and Windows Server 2003. 

Windows Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s): 

April Security Updates for XP Embedded SP3 and Standard 2009 Are Now on ECE (KB2507618) 


IMPACT: 
By exploiting this vulnerability, an attacker could run arbitrary code in kernel mode. 


SOLUTION: 

Workaround: 

1) Disable the Preview Pane and Detsils Pane in Windows Explorer 

Impact of workaround #1: Windows Explorer will not automatically display OTF fonts. 

2) Disable the WebClient service 

Impact of workaround #2: When the WebClient service is disabled, Web Distributed Authoring and Versioning (WebDAV) requests are not transmitted. In addition, any services that 
explicitly depend on the WebClient service will not start, and an error message will be logged in the System log 

Patch. 

Following are links for downloading patches to fix the vulnerabilities: 


Qualys correlates exploitability information from third party vendors and/or publicly 
available sources to provide up to date references to exploits and related security sources. 
Exploitability information enables users to perform risk-oriented analysis of 
vulnerabilities and to further prioritize their remediation plans. 


Qualys correlates malware information with Qualys-detected vulnerabilities when 
malware threats for vulnerabilities are published in the Trend Micro Threat Encyclopedia. 
This correlation allows users to prioritize and filter vulnerabilities so that they can get 
actionable information to administrators for remediation of vulnerabilities that can lead 
to malware infections. 


Sample exploitability information is below. 


EXPLOITABILITY: 


za Core Security 
Reference: CVE-2011-0024 
Description: Microsoft Windows OpenType Stack Overflow DoS (MS11-022) - Core Security Category : Denial of Service/Local 


Some vulnerability detections return scan test results. Sample scan test results is below. 


RESULTS: 

Sewindir% \system32\Atmid.dil Version is 5.1.2.230 
windir%\system32\Atmid.dil Version is 5.1.2.230 
Swindir%\system32\Atmid.dil Version is 5.1.2.230 
Sewindir% \system32\Atmid.dill Version is 5.1.2.230 


> MMM S Microsoft SMB Server Remote Code Execution Vulnerability (MS11-020) 
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Scheduling Scans 


As you saw with mapping, scanning can also be scheduled. Select the “Schedules” tab 
under “Scans” and then go to New > Vulnerability Schedule Scan. The New Scheduled 
Vulnerability Scan page appears. You give the schedule a title, select scan targets, and 
then choose a start time, duration and occurrence frequency. 


By scheduling scans in conjunction with reports that combine historical data, managers 
can see vulnerability trends over time. This provides a good executive-level view of current 
state of vulnerabilities, and progress being made in remediation - a key element for 
regulatory compliance reporting. 


You can configure the scheduled scan to run daily, weekly, monthly or one time one. This 
scan task runs monthly, the first Sunday of every month, starting at 3:30 AM Pacific Time 
(GMT-0800). You have the option of observing Daylight Saving Time (DST). You can also 
configure the scheduled scan to automatically stop after a set number of hours. 


New Scheduled Vulnerability Scan Turn help tips: On | Off Launch Help x 


Task Title 
Scheduling 


Target Hosts Gët 
Start Jul 07,2016 31 | 03:30 


(GMT -08:00) United States, California (Pacific Standarc ze ` NI DST 


Notifications Duration: 


E | Pause z| aer o1 [x] nours 


Schedule Status Resume Days: 


Occurs: Monthly |æ] 


Day| 1 of even 1 month 


Sg Te First z| Sunday x| ofevery|1 month 


E Ends after occurrences 


The Manager primary contact has the option to allow users to configure a scheduled scan 
to relaunch once a scan instance finishes, when New Scanner Services is enabled for the 
subscription. This gives users the ability to perform continuous scanning by launching a 
new scan as soon as the previous one finishes. This option is set by going to Scans > Setup 
> Scheduled Scans. Once configured, users have the option to start continuous scanning 
by configuring a schedule and selecting “Relaunch on Finish” from the Occurs menu. 


Please note: 


1) The schedule will be deactivated the first time a scan error is reported unless you 
choose to deactivate it after two or more scans have errors. 


2) Be aware that each active scan counts towards the concurrent scans limit set for your 
subscription. Also any scan may have impact to your network and the same impact could 
occur repeatedly, until the schedule is deactivated, canceled or paused. 


The Manager primary contact has the option to prevent the service form starting a new 
scheduled scan when there's an instance of it running. In this case the service skips 
launching the second scan, sets the next launch date to the future, and counts the 
skipped scan as an occurrence. This option is set by going to Scans > Setup > Scheduled 
Scans. 
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Scanner Parallelization 


The scanner parallelization feature increases scan speed, making a scan up to 4 times 
faster, depending on the size of your network, while maintaining scan accuracy. It allows 
you to distribute a scan task to multiple scanner appliances when the scan target includes 
asset groups. 


When enabled for a scan task at scan time, the task is distributed to multiple scanner 
appliances in parallel for each target asset group. The scanners in each asset group are 
used to scan the asset group’s IP addresses. Upon completion, results are combined into a 
single Scan Results report. 


To use the scanner parallelization feature, select the option “All Scanners in Asset Group” 
from the “Scanner Appliance” menu when launching or scheduling a scan. 


Launch Vulnerability Scan Launch Help 


General Information 


Give your scan a name, select a scan profile (a default is selected for you with recommended settings), and choose a scanner from the 
Scanner Appliance menu for internal scans, if visible. 


Title: California Assets 


Option Profile: * Initial Options *h Select 


Scanner Appliance All Scanners in Asset Group [=] 


Choose Target Hosts from 


Tell us which hosts (IP addresses) you want to scan. 


Asset Groups CA-LA,CA-SF *k Select 


IPs/Ranges *h Select 


192.168.0.87-192.168.0.92, 192.168.0.200 


Exclude IPs/Ranges *h Select 


192.168.0.87-192.168.0.92, 192.168.0.200 


Launch | ` Cancel | 


View the scanner appliances list to see information about scanner appliances in your 
account. Select the “Appliances” tab under “Scans”. Columns show whether an appliance 
status is online (blank) or offline (yellow warning icon) based on the latest heartbeat check 
(every 4 hours), whether the appliance is busy running maps and/or scans, and whether 
its software is up to date. Select “Info” from the Quick Actions menu to view more 
information for any appliance. 


Selective Scanning using Search Lists 


To perform a scan on individual vulnerabilities, you can tune the option profile for the 
scanner to only scan for selective vulnerabilities. This can be done by adding search lists 
to the “Vulnerability Detection” section of the scan profile. Select the “Custom” option and 
then click the “Add Lists” button to add one or more saved search lists to the option 
profile. The search lists define which vulnerabilities you want to scan for. When the option 
profile is applied to a scan task, the QIDs in the search list are scanned. 
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There are 2 types of vulnerability search lists: Static and Dynamic. A Static search list 
includes a specific list of vulnerabilities (QIDs) that you define. A Dynamic search list 
consists of a set of vulnerability search criteria (severity level, category, CVSS score, patch 
availability, etc). When a dynamic search list is used, the service queries the 
KnowledgeBase to find all QIDs that currently match the search criteria and then includes 
those QIDs in the action. Dynamic search lists are updated automatically by the service as 
new QIDs are added to the KnowledgeBase and new patch information becomes available. 


To create and manage the search lists in your account, select the “Search Lists” tab from 
any of these sections of the UI: Scans, Reports or KnowledgeBase. 


Note that vulnerability search lists may also be used in other business objects, including 
scan report templates (for selective vulnerability reporting) and remediation policy rules 
(for ticket creation). You can find complete information and instructions for managing 
and using search lists in the online help. 


PCI Scans and Compliance 


Qualys is certified to help merchants and their consultants evaluate the security of credit 
card payment systems that process, transmit and store cardholder data, and achieve 
compliance with the Payment Card Industry (PCI) Data Security Standard (DSS). To learn 
how to validate compliance with the PCI Data Security Standard, go here. 


The Payment Card Industry (PCI) Compliance module is available in your account only 
when the PCI module is enabled for your subscription. 


PCI Data Security Standard 


The PCI Security Standards Council requires banks, online merchants and Member 
Service Providers (MSPs) to protect cardholder information by adhering to a set of data 
security requirements outlined in the PCI Data Security Standard. Founding members of 
the PCI Security Standards Council are American Express, Discover Financial Services, JCB, 
MasterCard Worldwide and Visa International. 


The PCI Data Security Standard (DSS) represents a common set of industry tools and 
measurements for ensuring the safe handling of sensitive information. It details technical 
requirements for the secure storage, processing and transmission of cardholder data. 


Quarterly PCI External Scans Workflow 


Per PCI DSS v3.0 requirement 11.2.2, the PCI Council requires merchants to perform 
quarterly external vulnerability scans via an Approved Scanning Vendor (ASV), approved 
by the PCI Security Standards Council (PCI SSC). Qualys is a certified ASV. Every part of 
cardholder data system components needs to be scanned. 


Follow these simple steps to achieve the PCI DSS requirements for quarterly external 
scans. 
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Step 1: Run a PCI External Scan 


Go to VM/VMDR > Scans. To launch an on demand scan, select New > Scan. To schedule a 
scan, select New > Schedule Scan. For the scan settings, select the option profile “Payment 
Card Industry Options”. This profile is provided by the service and it is required in order to 
meet PCI compliance for external scans. It includes configuration settings required for PCI 
external scans, according to the PCI Data Security Standard (PCI DSS). For the scan target, 
select your cardholder data system components. 


Step 2: Fix Vulnerabilities and Re-Scan 


Run the PCI Technical Report to see whether your scan is compliant. Go to Reports > 
Templates, hover over the “Payment Card Industry (PCI) Technical Report” and then select 
Run from the Quick Actions menu. 


Looking at your report you’ll see the PCI compliance status (PASS or FAIL) for the overall 
report, for each host and each vulnerability detected. Vulnerabilities with the FAIL status 
must be fixed to pass the PCI compliance requirements. (Vulnerabilities with no PCI status 
are not required for compliance, however we do recommend you fix them in severity 
order.) 


After fixing vulnerabilities, be sure to re-scan to verify that all PCI vulnerabilities are fixed 
and the overall status is PASS. 
Step 3: Create Your Certification Report 


1 Select PCI from the application picker. Then add a link to a PCI Merchant account 
(new or existing). You'll use this account for creating your certification report. 


2 Select VM/VMDR from the application picker. Go to Scans, select your external PCI 
scan from the list, click Share with PCI (in the preview pane), and select the PCI 
account you've linked to. 


(3) Scans Scans Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 


new) (Sen) (n = 
Title Targets Option Profile User Reference Date H 
4) @ PCi Scan 10.10.10.11 Payment Card POC manager scan/1509572064.80505 11/01/2017 
Industry (PCI) 
Options 
E) CRM_Scan_Launch_1442934880 20171024 - IPv4+IPv6 {d7d:66b5:82c1:a22::a0a:22c1 Initial Options POC manager scan/1508851482.78290 10/24/2017 
2001:470:8418:a. 
@ CRM_Scan_Launch_1442934880 20171024 fd7d:66b5:82c1:a22::a0a:22c1 Initial Options POC manager scan/1508850193.78286 10/24/2017 
2001:470:8418:a. 
A CRM_Scan_Launch_1442934880 20171024 {d70:66b5:82c1:a22::a0a:22c1 Initial Options POC manager scan/1508849855.78285 10/24/2017 
2001:470:8418:a. 
A CRM_Scan_Launch_1442934880 20171024 fd7d:66b5:82c1:a22::a0a:22c1 Initial Options POC manager scan/1508847970.78284 10/24/2017 


Preview 


Vulnerability Scan - PCi Scan 
Target: 1 IP(s) 


Scan launched by POC manager (quays_as) | Start: 11/01/201 35:22 PM (GMT-0700) | Ended: 11/01/2017 at 02:47:49 PM (GMT-0700)| Scan Finished (00:12:27) 


Summary Scanner(s) are finished. Results from this scan have been processed 


Total Hosts Alive Total appliances used Aggregate Vulnerabilities View Summary | View Results 
1 1 15 
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3 Select PCI from the application picker. Log in to your PCI account. 


4 Now you're ready to create your certification report within PCI. Go to Compliance 
> Compliance Status, click Generate (under Compliance Status > Actions) and use 
the report wizard to create your report and submit it to your acquiring banks. 


Quarterly PCI Internal Scans Workflow 


Per PCI DSS v3.0 requirement 11.2.1 and 11.2.3, the PCI Security Standards Council (PCI 
SSC) requires merchants to perform quarterly internal vulnerability scans and obtain a 
passing scan. Every part of cardholder data system components needs to be scanned. Per 
requirement 6.1, the PCI Council requires merchants to establish a process to identify and 
assign risk rankings for newly discovered security vulnerabilities, and to ensure all High 
ranking vulnerabilities are fixed. 


How it works: The service uses the PCI risk rankings High, Medium and Low. By default 
these are set to the same CVSS scores as required for ASV external scans. By customizing 
the risk ranking scale within a PCI scan template, you have the ability to create different 
reports on different sub-nets using a different risk ranking scale for each. 


Follow these simple steps to meet the PCI DSS requirements for quarterly internal scans. 


Step 1: Create Asset Groups based on PCI Risk Ranking 


Go to Assets > Asset Groups and create groups that organize your IPs according to your 
custom PCI risk ranking. Each group will correspond to a risk ranking. Later, after you scan 
your IPs, you'll create scan reports to verify compliance against your risk ranking. The PCI 
scan report template allows you to create a custom risk ranking scale with exceptions for 
selected QIDs (see Step 3). 


Step 2: Run a PCI Internal Scan 


Go to VM/VMDR > Scans. To launch an on demand scan, select New > Scan. To schedule a 
scan, select New > Schedule Scan. For the scan settings: 1) select the asset groups you 
want to scan (created in the previous step), and 2) select the option profile “Initial Options” 
or one that you've customized. The “Payment Card Industry (PCI) Options” is not 
recommended since this has settings tailored for an external PCI scan and it may increase 
your scan time significantly. 


Step 3: Create Your PCI Scan Report 


First create a PCI report template. Go to Reports > Templates and select New > PCI Scan 
Template. Be sure to create a template for each ranking scale (High, Medium, Low) within 
your organization. 


D 


Then create a report, go to Reports > Templates. Hover over your template, and select Run 
from the Quick Actions menu. 


Step 4: Fix Vulnerabilities and Re-Scan 


Review your PCI scan reports. If there are any High ranking vulnerabilities they must be 
fixed. Be sure to re-scan and re-run your reports to confirm that all High ranking 
vulnerabilities are fixed. 
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Vulnerability KnowledgeBase 


Qualys provides highly accurate vulnerability scanning made possible by the industry’s 
largest and most complete Vulnerability KnowledgeBase, an inventory of thousands of 
known vulnerabilities that covers all major operating systems, services and applications. 
Vulnerability checks in the KnowledgeBase are continuously added and updated. 


To view the KnowledgeBase, select “KnowledgeBase” on the top menu. 


| VMDR {v J] Help w | Patrick Slimmer (quays_xt49) w ` Logout 


Dashboard Vulnerabilities Prioritization Scans Reports Remediation Assets. KnowledgeBase /Users 


OCS ER KnowledgeBase Search Lists iDefense Intelligence 


New w || Search 1-20 of 49578 | RI 

op Title Severity Category CVEID Vendor Reference CVSS Base CVSS3Base Bugtraq ID Modified~ Published 

372431 F5 BIG-IP ASM,LTM.APMNTP vulnerability (K09940637) WEN ]3 Local CVE-2019-11331 _K09940637 68 81 04/02/2020 04/02/2020 4 
D 

372454 Adobe Bridge Multiple Vulnerability (APSB20-17 EEN `" Local CVE-2020-9551,  APSB20-17 68 78 04/02/2020 04/02/2020 
t CVE-2020-9552 

372471 GlobalProtect Agent Local Privilege Escalation EEN | Local CVE-2019-17436,  CVE-2019-17435, 6.6 7A 04/02/2020 04/02/2020 

Vulnerability CVE-2019-17435  CVE-2019-17436 

to 

372424 F5 BIG-IP ASM,LTM.APM UCS vulnerability (K25607522) [III | 173 Local CVE-2019-6688 ` K25607522 40 43 04/02/2020 04/02/2020 
io 

372468 Parallels Desktop Privilege Escalation Vulnerability (ZDI- WEI ` "7 Local CVE-2020-8871 Parallels Desktop 4.6 67 04/02/2020 04/02/2020 

20-292) 

Lg 

48089 Trend Micro OfficeScan Detected ` "NL a 1 Information CVE-2020-8467 - - 04/02/2020 04/02/2020 

gathering CVE-2020-8468 

45422 Open Source HIDS SECurity Detected D 1 Information - - 04/02/2020 04/02/2020 
D gathering 

238102 Red Hat Update for gettext (RHSA-2020:1138) DR 2 RedHat CVE-2018-18751  RHSA-2020:1138 7.5 98 04/02/2020 04/02/2020 
LS 

238103 Red Hat Update for python3 (RHSA-2020:1132 EEN `" RedHat CVE-2018-20852,  RHSA-2020:1132 5.0 75 04/02/2020 04/02/2020 
LR CVE-2019-16056 X 


In the upper right corner you'll see the total number of vulnerabilities along with 
navigation buttons for paging through the list. 


The Severity column indicates severity from 1 (minimal) to 5 (urgent). Red represents 
confirmed vulnerabilities, yellow represents potential vulnerabilities, and blue represents 
information gathered. 


Icons in the Title column indicate the discovery method assigned by the service, patch 
availability, exploitability, associated malware, and QIDs that correspond to report filters. 


Discovery Method. Each vulnerability is assigned a discovery method indicated by these 
icons: 


"Ai alone indicates Remote Only discovery. The vulnerability can be detected only using 
remote (unauthenticated) scanning. 


% alone indicates Authenticated Only discovery. The vulnerability can be detected only 
using authenticated scanning. 


‘x’ and % indicates Remote or Authenticated discovery. The vulnerability can be detected 
using remote scanning or authenticated scanning. 
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Patch Available. ® indicates that a patch is currently available from the vendor. Note that 
you can use the Search functionality in the KnowledgeBase to find all vulnerabilities that 
have or do not have an available patch. 


Exploitability. = indicates that exploitability information is available. The service 
correlates exploitability information with service-detected vulnerabilities when known 
exploits are published by third party vendors and/or publicly available sources. 


Associated Malware. @ indicates that malware is associated with this vulnerability. The 
service correlates malware information with vulnerabilities when malware threats for 
vulnerabilities are published in the Trend Micro Threat Encyclopedia. 


Not Exploitable due to Configuration. * indicates that this QID may be filtered out of 
reports when the report filter “Exclude QIDs not exploitable due to configuration” is 
selected. This filter appears in scan reports, patch reports and scorecard reports. 


Non-Running Services. o indicates that this QID may be filtered out of reports when the 
report filter “Exclude non-running services” is selected. This filter appears in scan reports, 
patch reports and scorecard reports. 


Scanning Summary 


Qualys supports both on demand and scheduled vulnerability scanning. Scanning profiles 
allow you to tailor the scan based on your selection of scanning criteria. All scans initiate 
emails with results summaries and links to the saved Scan Results information. 


Qualys also provides additional scanning capabilities using other Qualys modules. Check 
out our video libraries and user guides (select Help > Resources from the top menu). 
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Search, View, Prioritize 


Check out our interactive dashboards for a high-level summary of your security and 
compliance posture based on the latest data available in your account. 


View Your Dashboard 


Use the Qualys provided VMDR dashboard to view your security posture. Create multiple 
dashboards and switch between them. Each dashboard has a collection of widgets 
showing asset data of interest. Use the Actions menu to manage your dashboards. 


To view your dashboard, select “Dashboard” on the top menu. 


@ Qualys. cloud Platform 


VMDR ov Help ¥ Patrick Simmer (quays_pm7) Logout 


Dashboard ) Vulnerabilities Prioritization Scans Reports Remediation Assets KnowledgeBase Users 


© scans scans Maps| Schedules “Appliances Option Profiles. | Authentication | Search Lists Setup 


PRIORITIZATION SCANS REPORTS REMEDIATION ASSETS KNOWLEDGEBASE USERS See 


New w | [Search| | Fites z VMDR DASHBOARD VULNERABILITIES 


New Vulnerability Management v 


FIXED VULNERABILITIES 


DISABLED / IGNORED VULNS VULNERABILITIES BY SEVERITY VULNERABILITIES BY TYPE 


S 
126 Confirmed 
= 
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For accounts that have not been upgraded to VMDR you'll see the classic VM dashboard 
with a summary of your overall security posture based on the most recent vulnerability 
scan results. Here’s a sample classic VM dashboard. 


Vulnerability Management v Help v | Patrick Simmer (quays_tt!) w Logout 
Dashboard Scans Reports Remediation Assets KnowledgeBase Users 
Top 10 vulnerabilities 
Dashboard corso new Active Reopened z —, 
Status within your permissions 8.619 13,050 94 Apache HTTP Server Multiple Cross-Sit... Ez 
Last Updated: 28 June 2016 , , Schedule Scan E 
SSL Server Allows Anonymous Authentic... [IEE 
= = B = 
Vulnerabilities by severity SSH Protocol Version 1 Supported anam 
E 
OpenSSH Signal Handling Vulnerability Bee 
B 
5,000 OpenSSL Multiple Remote Security Vuln... el 
d SSLITLS Server Factoring RSA Export K... BBEU 
Z = = 
H 
= 2500 Most vulnerable hosts View All Refresh 
gd 
= 10.10.10.11 
2K8R2-U-10-11 
10.10.10.86 
o = 2012R2DTR-10-86 
Level 5 Level 4 Level 3 Level 2 Level 1 Sees E 
2K3-33-226 
10.10.25.69 
Thie Date Status Title Next Launch 10.10.30.11 
e 2KBCSP2-20-11 - 
Daily Windows Scan - 20160628 06/27/2016 Finished Daily Windows Scan 06/28/2016 at 16:00:00 (GMT-0700) 
My Scan 06/09/2016 Finished Daily Unix Scan 06/28/2016 at 16:30:00 (GMT-0700) Latest reports View all 
Windows Hosts 06/02/2016 Finished My Monthly Scan 07/03/2016 at 03:00:00 (GMT-0700) By Topi 
10.10.25.69 06/02/2016 Finished 28 Jun 2016, 15:17:28 
10.10.25.69 06/02/2016 Finished m) High Severity Report 
28 Jun 2016, 15:13:20 
D Auth Report - Windows Hosts = 
28 Jun 2016, 15:12:09 
| Patch Report Assigned CVSS Score-HighSeverity-Q... 
28 Jun 2016, 10:20:37 
Zei Patch Report Assigned CVSS Score-HighSeverity-Q... 
28 Jun 2016, 10:19:19 


How do | configure the classic VM dashboard? 


Click the Configure link to select the vulnerabilities and potential vulnerabilities you’re 
interested in. (Note that disabled and ignored vulnerabilities are not included in your 
dashboard.) 


How often is the classic VM dashboard updated? 


It’s updated automatically as new scan results become available. You might want to start 
a scan from here (if you have scanning permissions). This is a convenient way to get the 
latest vulnerability data in your dashboard view. 
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View Asset and Vulnerability Details 


Choose “Vulnerabilities” to get a complete view of vulnerability posture from an asset and 
vulnerability point of view. (Not seeing this option? This option only appears in accounts 
that have been upgraded to VMDR.) 


@ Qualys. cloud Platform 


VMDR ` v CH Ú Hepv Patrick Stimmer (quays_pm7)~ Logout 


Dashboard Prioritization Scans Reports Remediation Assets KnowledgeBase Users 


Maps Schedules Appliances Option Profiles Authentication Search Lists Setup 


@ Qualys. cloud Platform 


VMDR + pasHBoarD (~ vi IES) PRIORITIZATION SCANS REPORTS REMEDIATION ASSETS KNOWLEDGEBASE USERS 205 


Vulnerabilities 


Vulnerability ¥ | Q Search... ny 


Total Detections 


x2010sp1-10-46.. ^ 


82003 ICMP Timestamp Request D Mar 27,2020 Mar 27,2020 


SEVERITY = New ` 4329910 
6 J 70000 NetBIOS Name Accessible = Mar 27,2020 Mar 27, 2020 ex2010sp1-10-46... 
3 53 New 7 4329910 
5 12 
4 a 91541 Microsoft Windows Remote Desktop Servic.. MMMM Mar 27 , 2020 Mar 27 , 2020 ex2010sp1-10-46... 
1 7 Wes ` 4329910 

90782 Microsoft Windows DNS Server Denial of Se.. MEE: Mar 27,2020 Mar 27,2020 x2010sp1-10-46... 
CATEGORY New 4329910 
General remote s_ 7 
Windows: “u 90726 Microsoft Windows DNS Server Remote Cod... MININININ mar 27,2020 Mar 27, 2020 x2010sp1-10-46... 
DNS and BIND 10 4329510 
UE 2 90695 Microsoft DNS Resolution Remote Code Exe... "mmm Mar 27 , 2020 Mar 27, 2020 ex2010sp1-10-46... 
WE K Oo New 4329910 

7 more 

91345 Microsoft SMB Server Remote Code Executi.. MEEI var 27,2020 Mar 27 , 2020 x2010sp1-10-46... 
OPERATING SYSTEM (New 4329910 
(sel s: = 105501 Windows Network Level Authentication Disa.. MI Mar 27 , 2020 Mar 27,2020 ex2010sp1-10-46... 
Ae RW "o | eem 4329910 SA 


Select “Asset” to view the assets in your inventory. Use the metadata filters, group by 
options and custom query capabilities to quickly find what you're interested in. 


VMDR ~ DASHBOARD VULNERABILITIES PRIORITIZATION SCANS REPORTS REMEDIATION 


Vulnerabilities 


Vulnerability e Q, Search... 


1 29 Asset Vulnerability | | GroupBy:.. v | | W Fiters v | 


Total Assets 


PERATING SYSTE 
ERATING 


10.115.75.227 


LAST LOGGED ON USER i 10.115.75.227 ® Ubuntu / Tiny Core Linux / Linux 2.6.x / ~ Unknown 
6 


-\Administrator 
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When you find the asset you’re interested in, select the asset name link to get details. 


` 


Vulnerabilities 


Vulnerability v QQ Search... 


129 


NAME 


Total Assets 


Group By:... v | | W Filters v | 


OPERATING SYSTEM 


10.115.75.230 


10.115.75.227 


LAST LOGGED ON USER 
10.115.75.227 

Administrator 6 

205767712438 1 desktop-ki3hos9 es 
10.115 An 223 

TAGS 


10.115.75.180 


© Ubuntu / Tiny Core Linux / Linux 2.6.x / ~ 


E Windows 2016/2019/10 


® EulerOs / Ubuntu / Fedora / Tiny Core L... 


You'll get a comprehensive asset view with many up-to-date details. Here’s the asset 


summary of the selected asset 


< Asset Details: desktop-ki3hos9 


Y INVENTORY 
Asset Summary 
‘Asset Summary 
‘System Information z 
desktop-ki3hos9 
Network Information | | 
an Windows 2076/2019/10 
Open Ports ‘Unknown Manufacturer / Model 
Installed Software 
Identification 
Y SECURITY 
DNS Hostname desktop-ki3hos9 
Vulnerabilities 
FQDN: 
VMOR Prioritization 
= NetBIOS Name: DESKTOP-KI3HOS9 
Indication of Compromise IPv4 Addresses 10.115.75.223 
Corcircaten. IPv6 Addresses 
© COMPLIANCE Asset iD 2004548 
File integrity Monitoring Host ID 869428 
Policy Compliance 
Activity 
v SENSORS Last User Login 
ee Last System Boot 
Alert Notification 
Created On Jan 24, 2020 12:38 pm 


Kl 
Kl Location unknown 


Last Seen: Jan 24 2020 12:38 pm 


Tags add Tegs 
1 "lex Bi 
a 


The “Vulnerabilities” section gives you an interactive summary of vulnerabilities on the 
asset. Choose the severities you want shown, click on widget charts and graphs to drill 
down further, and choose View for a list of all vulnerabilities. 


< Asset Details: desktop-ki3hos9 


INVENTORY DO 
Vulnerabilities 
Asset Summary 
‘System Information Vulnerabilities by Severity 
see EE En 
Open Ports 
Installed Software ‘CONFIRMED VULNERABILITIES POTENTIAL VULNERABILITIES 
v SECURITY J Total q Tol 
Vulnerabilities B Seems 3 8 Seen? 0 
E EE B Seen? 0 
RE 8 See? 4 B Severiya 1 
Patch Management 
Indication of Compromise 
Certificates 
w COMPLIANCE Detections by Status Last7 Days v 
File Integrity Monitoring 
ray caia Active Reopened Fixed 
Y SENSORS 0 (0) (0) 
Agent Summary Confirmed 0 Confirmed o Confirmed o Confirmed o 
Aan Notification Potential H Potential o Potential H Potential H 
D 
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Run a Prioritization Report 


Use the VMDR Prioritization report to automatically prioritize the riskiest vulnerabilities 
on your most critical assets — reducing potentially thousands of discovered vulnerabilities, 
to the few that matter. (Not seeing this option? This option only appears in accounts 
upgraded to VMDR. It does not appear in accounts with VMDR experience.) 


@ Qualys. cloud Platform | 


VMDOR āăě v $J Help Patick Simmer (quays pm7) v Logout | 


Dashboard Vulnerabilities CProvitzaton ) Scans Reports Remediation Assets KnowledgeBase Users 


© Scans scans Maps schedules Appliances Option Profiles Authentication Search Lists 
@ Qualys. Cloud Piatfor 


VMDR DASHBOARD VULNERABILITIES (PRIORITIZATION) SCANS REPORTS REMEDIATION ASSETS KNOWLEDGEBASE USERS 205 


Tite 


Welcome to VMDR Prioritization 


When generating a report for the first time, simply click the plus icon + . For subsequent 
reports, you'll go to Reports and click “Create Report”. Select asset tags to narrow down 
your prioritized list to vulnerabilities associated with the assets you select. Then select the 
filters you want to use for your report: Detection Age, Real-Time Threat Indicators and 
Attack Surface. See the help for each filter to learn more. 


< VMDR Prioritization (Export to Dashboard `) (Download Report 


Asset tags (3) 
8 154 


le age x [Business Unite x || Cloud Agent x 


Gan 
oRNER 


Total Assets Total Vulnerabilities 


Detection Age @ Real-Time Threat Indicators (RTI) (4) @ Attack Surface @ 


á Running Kernel 
» Easy Exploit (58 Pat lable (58) ) ( High Data Loss (28) 


Running Service 
Malware (0) ` ` Wormabie (0) 


Not Mitigated by Configuration 
Active Attacks (10) ) (Exploit Kit (0) ne 


Remotely Discoverable Only 


ent (22) Predicted High Risk (0) 


Click “Prioritize Now” to enable the threat intelligence to prioritize the riskiest 
vulnerabilities on your network for the assets you selected. Once you generate the report, 
you can proceed with patching the vulnerabilities (if the Patch Management app is 
enabled in your subscription), export the report in the form of a widget to your dashboard 
or download the report in CSV format. 
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Reporting and Remediation 


One area that distinguishes Qualys from other Vulnerability Management solutions is its 
very flexible, comprehensive reporting capabilities. Most other solutions produce ngid 
reports that reflect, one-for-one, whatever data they have gathered during a scan. 


Qualys reports consist of these basic components: 

- Network assets included in the report, 

- Graphs and charts showing overall summaries and network security status, 
- Trending analysis for a given network, 

- Information about discovered vulnerabilities, and 


- Filtering and sorting options to provide many different views of the data. 


Launching Reports 


The reporting process works in a very similar way to the scanning process. You launch a 
report, it runs in the background while you work on other things, you can check the status 
from the reports list, and when the report is complete, an email summary is sent out with 
a link to the saved report. 


To launch a new report, go to the “Reports” tab and then go to the New menu and select 
the type of report you want to generate. (Don’t see this option? Go to Reports > Templates 
and select “Run” from the Quick Actions menu). 


VMDR {v Help w | Patrick Slimmer (quays_xt49) w ` Logout 


Dashboard Vulnerabilities Prioritization Scans (Reports ) Remediation Assets KnowledgeBase Users 


mili Reports Reports Schedules Templates Risk Analysis Search Lists Setup 


New w || Search| | Fitters w 0-00f0 tv 


View Report 5°" Report >| Template Based. plate User Format Created ~ Expires Size Status 
Scorecard Report. PCI Scan Template. 


Map Report No reports found. 


Patch Report 
Authentication Report 
Remediation Report 
Compliance Report 


Asset Search Report 


Download. 


Follow the online prompts to provide report details like a report title, report template and 
report format. Click the “Select” link next to the Report Template field to select a report 
template. Note there are several report templates provided to help you get started. 
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Select a template from your account, then click the Select button (below the list). 


Select a Report Template = 


Kaes Info 3 Title a Type Source User Modified 
© © © Executive Report @ Host Based Patrick Slimmer 03/23/2020 

© ® High Severity Report @ Host Based Patrick Slimmer 03/23/2020 

© © Technical Report o Host Based Patrick Slimmer 03/23/2020 


Or select a template from our Template Library and click the Import button (below the 
list). You can import a template and use it as is or edit the template to suit your needs. 


Select a Report Template ps 


Search 1-40f4 LN 


Templates 


Template Library S nogi = Description SE 


© G) Assets with Obsolete Software v.1 ` A report listing systems that are highly vulnerable because they are currently running 04/18/2017 
obsolete or unsupported software/operating systems. 


3) Disabled/gnored Vulnerabilities v.1 A report listing vulnerabilities that are intentionally excluded from reports by users 04/18/2017 
(currently disabled or ignored). 


3) Patchable High-priority A report listing high-priority vulnerabilities that can be remediated via a vendor-supplied 04/18/2017 
Vulnerabilities v.1 patch. 


G) Remediated Vulnerabilities Last 30 A report listing vulnerabilities that have been fixed in the last 30 days. 04/18/2017 
Days v.1 


The hosts to include in your report (the Report Source) is selected by default from the 
template settings. You can overwrite this by entering values for Asset Groups, IPs/Ranges 
and/or Asset Tags. When you're ready click “Run” to launch the report. 


The status of your report appears in a second browser window. Close the window to let the 
report run in the background. You can check the status of your report at any time from the 
reports list, and then download the completed report once it’s finished. A report 
completion email notification is also available. When enabled, an email is sent to you 
when the report is complete. The email includes a report summary and a link to the saved 
report. 


Accessing Reports 


When Report Share is enabled, users launch reports, view report status and download 
completed reports from the reports list according to their user roles and account settings. 
Additional features enable users with manager privileges to distribute reports to the right 
people at the nght time. 


To access shared reports, select “Reports” from the top menu and then select the “Reports” 
tab. The report history list appears. (The “Reports” tab is not visible if Report Share is not 
enabled. Jump ahead to Report Templates if this applies to you.) 


Reporting and Remediation 
Sharing Reports 


The reports list is empty until at least one user generates a report. As reports are 
generated, the list is populated. The sample reports list below shows reports in various 
formats, created by different users at different times. 


nili Reports Reports Schedules Templates Risk Analysis Search Lists Setup 


New w || Search | Fitters w 1-70f7 wv 


View Report Title Type Launched Report Template User Format Created + Expires Size Status 
D Authentication Details + a Authentication Report Joe Torres HTML 06/30/2016 07/07/2016 22992KB_ Finished 
D Qualys Top 20 Report Lë Qualys Top 20 Report Joe Torres HTML 06/30/2016 07/07/2016 24375KB Finished 
D My Patch Report ei a Qualys Patch Report Joe Torres Online 06/30/2016 07/07/2016 96.87 KB Finished 
D Executive Report @ a Executive Report Joe Torres PDF 06/30/2016 07/07/2016 29.44 KB Finished 
D Patchable High Priority Vulnerabilities KI kal Patchable High-priority Vulnerabilities v.1 Joe Torres csv 06/30/2016 07/07/2016 1.29 MB Finished 
D Vulnerability Scorecard Report KI kal Vulnerability Scorecard Report Joe Torres HTML 06/30/2016 07/07/2016 177.97 KB Finished 
D High Severity KI SI High Severity Report Joe Torres HTML 06/30/2016 07/07/2016 48646KB_ Finished 


Sharing Reports 


Privileges to view reports in the reports list depends on each user’s assigned role and 
assets, as defined for their user account. By default, Managers can view all reports in the 
subscription, Unit Managers can view all reports in their business unit, and Scanners and 
Readers can view their own reports. 


There’s more ways you can easily share reports with others: 


Grant Users Report Access — As a Manager user, you have the ability to grant other users 
access to reports that they wouldn't typically be able to see based on their user account 
settings. Report access can be granted for a specific report or for a scan report template. 


Securely Distribute PDF Reports — As a Manager user, you have the ability to encrypt PDF 
reports with a password and distribute them to users via an email distribution list, 
including users inside and/or outside of the subscription. To do this, go to Reports > Setup 
> Report Share and select “Enable Secure PDF Distribution” and click “Save”. The next time 
you launch a report with report share, you’ll see the option “Add Secure Distribution”. 
Select this option, add a report password, add custom distribution groups with email 
addresses, select one or more groups for the report, and then launch the report. When the 
report is completed, an email notification with a secure link to the report is sent to users 
who will be prompted to enter the report password before viewing the report. 


Scheduling Reports 


When Report Share is enabled, a Manager user can enable Scheduled Reporting, which 
allows users to schedule reports to run at specified intervals and define email distribution 
groups for finished reports. To enable Scheduled Reports click the “Schedules” tab. The 
first time you click the Schedules tab you'll see the Scheduled Reporting Setup window. 
Click the “I Accept” button to enable Scheduled Reporting for your subscription. 
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To schedule a report, go to the “Schedules” tab and then go to the New menu and select 
the type of report you want to schedule. 


‘= Reports Reports Schedules Templates Risk Analysis Search Lists Setup 


New v || Search | | Fiers ze KÉEN ey 
m Scan Report 
(Ņ Title i E Template Based. a Created Next Launch Last Launch Report Template Report Format 
1 Scorecard Report PCI Scan Template. 
Patch Report. wo serreuuresrereurrd matching your filters. Please modify your filters or add a scheduled map or scheduled scan. 


Authentication report 
Remediation Report. 
Compliance Report 


Download. 


Follow the online prompts to provide report details as described above for launching a 
report. Select the “Scheduling” check box to define scheduling and notification options, 
and then click “Schedule” to save the report task. The scheduled report appears on the 
Schedules list and runs at its scheduled time. When the report runs, it appears on the 
Reports tab. 


Report Templates 


Your account includes pre-defined report templates to simplify report generation. Most 
reporting is template-based. The report template outlines what information is included in 
the report and how that information is displayed. To view report templates available in 
your subscription, select the “Templates” tab under “Reports”. 


mili Reports Reports Schedules Templates Risk Analysis Search Lists Setup 


(Newin) { Search | (Fiersa 1-13 of 13 ey 
% Title a Type Vulnerability Data User Modified 
© 2008 SANS Top 20 Report Lë Host Based System 03/23/2020 
© Executive Remediation Report $ Host Based System 03/23/2020 
® Executive Report @ Host Based Patrick Slimmer 03/23/2020 
® High Severity Report @ Host Based Patrick Slimmer 03/23/2020 
® Payment Card Industry (PCI) Executive Report {A Scan Based ‘System 03/23/2020 
© Payment Card Industry (PC!) Technical Report {A Scan Based ‘System 03/23/2020 
© Qualys Patch Report @O Host Based Patrick Slimmer 03/23/2020 
© Qualys Top 20 Report Vë Host Based System 03/23/2020 
© Technical Report @ Host Based Patrick Slimmer 03/23/2020 
® Tickets per Asset Group db Host Based System 03/23/2020 
® Tickets per User db Host Based System 03/23/2020 
© Tickets per Vulnerability db Host Based System 03/23/2020 
© Unknown Device Report EJ + Scan Based Patrick Slimmer 03/23/2020 


Report types are: @ for a scan report, for a compliance report, 
+} for a map report, P for a remediation report and & for a patch report. 
Templates Library 


The Template Library provides additional report templates that you can import to your 
account and use as-is or edit as needed. These templates are designed to address many of 
your reporting requirements. You can run these report templates at any time. 


You can import report templates from the Library while viewing the report templates list. 
Just go to New > Import from Library. 
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nili Reports Reports Schedules Templates 


New w Search | | Filters w 


$ Title Scan Template. 
` PCI Scan Template. } 

© 2008 SANS Patch Template 

Ç) Executive Í Map Template 


© Seed l Import from Library... 


® High Sever EE 


Select the check box next to each template you want, then click “Import”. 


Import Report Templates from Library 


Select report templates to import. The report templates will be copied to your account. | Search 1-50f5 Ms 


| Info Title a Description Type Modified | 
|Z @) Assets with Obsolete Software v.1 A report listing systems that are highly vulnerable because they are currently running obsolete or unsupported @ 04/12/2017, 
software/operating systems. 
| “| @ Critical Patches Required v.1 A report listing all the patches that should be applied to hosts in order to remediate the highest-risk vulnerabilities. e 04/18/2017 | 
| @ Disabled/ignored Vulnerabilities v.1 A report listing vulnerabilities that are intentionally excluded from reports by users (currently disabled or ignored) @ el 
| G) Patchable High-priority Vulnerabilities v.1 Areport listing high-priority vulnerabilities that can be remediated via a vendor-supplied patch. KI Gg 
| @ Remediated Vulnerabilities Last 30 Days v.1 A report listing vulnerabilities that have been fixed in the last 30 days. @ (04/18/2017) 
Import | Close | 


The selected templates are added to your report templates list. If there are vulnerability 
search lists associated with these templates, the search lists are also added to your 
account in the search lists data list. Once imported you can use these items as-is or edit 
them to suit your specific needs. The Library includes a variety of report templates, option 
profiles and vulnerability search lists. You can import configurations from the Library 
while viewing your data lists (report templates, option profiles, and search lists) and while 
stepping through workflows where these configurations are used. Once imported, 
configurations are saved in your account for viewing and editing. 


Create Custom Templates 


If the provided templates don’t meet your exact needs, you can create custom templates 
to report on the vulnerability data in your account. Go to the report templates list then 
select the type of template you want to create from the New menu. Select display and 
filter options for your report. 


Scan reports can be tailored in thousands of different ways, and we suggest you try some 
different combinations of options to see the resulting output. On the New Template page, 
begin by giving your report a title, such as “First Scan Report.” Then select different report 
options in the Findings, Display, Filter and Services and Ports sections of the template. The 
User Access section allows you to grant certain users access to reports generated from this 
template. As you finish setting report options, the buttons at the bottom of the page allow 
you to Save, Save As, Test, or Cancel. You can create on-the-fly reports that give you a 


snapshot, or you can create templates you will use repeatedly, and therefore will want to 
save. 
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Trend Analysis and Differential Reporting 


Using the scan report template, select the “Host Based Findings” and “Include trending” 
options under Findings and choose host targets. Then go to the Display options and select 
just the first two options under Graphics (“Business Risk by Asset Group over Time” and 
“Vulnerabilities by Severity over Time”) and then select “Test” at the bottom of the page. 


The summary of vulnerabilities section reports statistics on the vulnerabilities detected: 


Summary of Vulnerabilities 
Total: 139 (+70) Security Risk (Avg) BS 


by Status 
Status 
New 
Active 
Re-Opened 
Total 
Fixed 
Changed 


by Severity 
Severity Confirmed (Trend) 
26 13) 
15 ona 
40 (424) 8 
45 (+20) 
13 (46) B 
al 139 (+70) 0 


Sanwa 


Ti 


5 Biggest Categories 

Category Confirmed (Trend) 
Windows a sE 
General remote services 19 14) 5 
col 19 G10) 0 
Web server 14 4) B 
TCPAP 12 (42) 
Total 85 (+35) 0 


27 Business Risk B 


Confirmed 
D 

131 

8 

139 

H 

7 


Potential (Trend) 


Potential (Trend) 


8/100 


Potential 


Total (Trend) 
26 413) 0 
15 nE 
4 (424) 0 
45 (+20) 0 
13° 46) 
1439 (+70) 0 


Information Gathered 


Information Gathered Total (Trend) 
è 2a oso 
19 9E 
19 (100 
14 Ga 
12 «2G 
85 (+35) 0 >| 


Following this is the graphical depiction showing business risk by asset group over time. It 
also shows vulnerabilities by severity over time. This is just one simple example of how 
our trend analysis reporting can give you a fast overview of business risk and vulnerability 


trends on a given network. 


Qualys allows customers to store host vulnerability data from scan results for an 
indefinite amount of time. This is very useful for organizations to establish a certain 
baseline and continue to reference it in order to measure progress. Sample graphs are 


below. 
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Weekly Trend Report 
Filey Viewr Help 
= — — -E 
Business Risk by Asset Group over Time E 
12 Groups | 
“u Bra Asset Group 
10 Bea A 
3 a Corporate Office 
gg 
ZS 7 
8 
g 6 
EI 5 
a 
8 4 
3 
"SR SEER SSES ANNA? SR AR 
1 
o 
02/16 02/23 03/02 03/09 03/16 03/23 
15:55 15:55 
Date 
[Vulnerabilities by Severity over Time 
Severity Level 
BR "e Severity 5 +13 
m] 15 Severity 4 47 
| DI 40 Severity 3 +240 
\3 45 Severity 2 KR? 
E 13 Severity 1 +6 
‘3 139 Total +70 0 
\é 
S 
G 
Gi 
E 
s 
mus 02/23 03/02 03/09 03/16 
15:55 
Date 
AN 
E 


Detailed Results follow the report graphics. The current status (New, Active, Re-Opened or 
Fixed) appears for each vulnerability detected on the host. A sample detailed results list is 
below: 


Weekly Trend Report 


Filey View Help~ 


Detailed Results al 
w 10.10.24. 100 (nmail-p.qualys.com, NMAIL-P) Windows 2000 Service Pack 3-4 
zí 
e Vulnerabilities (254) HE 
> EENEN 5 Defense Exclusive: Microsoft Windows Indeo32 Codec Parsing Heap Corruption CVSS: 8.6 New éi 
Vulnerability 
> EENEN 5 Windows HTTP Services Could Allow Remote Code Execution (MS09-01 3) CVSS: AA New rl 
i 8 Ignore vulnerability 
> MINIM 5 WordPad and Office Text Converters Remote Code Execution Vulnerability a 
View ticket 
(MS09-010) 
> MIM 5 Microsoft Internet Explorer Critical Patch KB870669 Missing CVSS:8 New [Rr] 
> MMM 6 Microsoft MFC Could Allow Remote Code Execution (MS07-012) CVSS: 6.6 New [ar] 
> MMMM 5 Cumulative Security Update for Outlook Express (MS06-076) CVSS:7.3 New Lë 
> MINIM 5 Microsoft Agent Vulnerability Could Allow Remote Code Execution (MS06-068) CVSS:7.5 New [È 
> MMMM 5 veScript and JScript Scripting Engines Could Allow Remote Code Execution CVSS: 8.4 New [pr] 
(MS08-022) 
> MIM 5 TCP/P Vulnerabilities on Windows Could Allow Remote Code Execution (MS08-001)  CVSS:8.4 New [P7] 
> MMMM 5 Security Update for Outlook Express and Windows Mail (MSO7-056) CVSS: 8.1 New [ar] 
> MIM 5 Microsoft Agent Could Allow Remote Code Execution (MS07-051) CVSS: 8.1 New [F7 
> MMMM 5 Vector Markup Language Vulnerability Could Allow Remote Code Execution CVSS: 8.1 New [Pr] 
(iS07-050) 
> MIM 5 Microsoft MSXML 3.0 Service Pack 5 Missing CVSS:7.5 New [Pr 
> BENEH 5 Microsoft XML Core Services Remote Code Execution Vulnerability (MS06-061) CVSS:7.5 New >| 
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Taking Remediation Actions 


There are several remediation actions you can perform directly from scan report with host 
based findings. In the Detailed Results section, place your cursor over the red cross (#7) 
and then select an action from the drop-down menu. 


Ignore/Activate options: 


Ignore vulnerability - This causes the vulnerability to be filtered out of scan reports, host 
information, asset search results and your dashboard. This action also closes associated 
remediation tickets for the vulnerability/host/port. (Ignored vulnerabilities always appear 
in scan reports with scan based findings.) 


Activate vulnerability - This option activates an ignored vulnerability on the host. (To take 
this action your report filter settings must be set to display ignored vulnerabilities.) 


Ticket related options: 


Create ticket - This will create a new remediation ticket for the host/vulnerability/port. 
You'll be prompted to specify who the ticket should be assigned to and when the ticket 
should be resolved. The ticket creation is logged in the ticket history with the name of the 
user who created the ticket and a time stamp for when the action took place. 


View ticket - This will show you ticket information, if a ticket exists for the 
host/vulnerability/port. From the File menu, click Edit to resolve or close-ignore the ticket, 
reassign the ticket to another user or add comments to ticket details. 


It is best practice to create one or more remediation policies for the subscription to 
automate the ticket creation process. With a remediation policy in place, tickets are 
created automatically by the service when detected vulnerabilities match conditions 
specified in policy rules. 


Business Risk Reporting 


One of the key functions of a Vulnerability Management solution is remediation reporting 
and tracking. To do this in the most efficient way, there needs to be some way of 
associating network assets with various business operations, so that the severity of 
vulnerability is correlated with business security exposure in order to arrive at a metric for 
business risk. 


Qualys automates business risk reporting while enabling users to tailor it to their 
enterprise. The system provides a default definition, but it also allows users to modify it to 
better reflect their own internal metrics. 


You customize the business risk calculations by going to Reports > Setup > Business Risk. 
The Business Risk Setup page will appear defined by a matrix with Business Impact 
columns and Security Risk rows. 


So, for example, a security risk of 5 has a business risk of 9 if the asset is associated with a 
Low impact business operation. On the other hand, it would have a business risk of 100 if 
associated with a Critical impact operation. The Business Risk Setup page below 
illustrates this. 
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Business Risk Setup LaunchHelp ? 


Business Risk 


The business impacttitles and business risk values for calculating business risk in reports. 
Business Impact 


Title: | Critical High Mediurn Minor Low 


a 


3 
æ 4 
2 

5 3 
g 

"y 
d 


You can assign Business Impact values to any asset group you have created. To do this, 
you select the “Asset Groups” tab under “Assets”. Here you will see the asset groups listed 
along with their IPs, domains, business impact, user, and last modified date. You can 
change the business impact definition by selecting Edit from the Quick Actions menu, 
selecting the “Business Info” tab, then setting the Business Impact level. Change it to some 
other identification, so if it was “Critical,” change it to “Medium”. Afterward, select “Save”. 


Note how changing the Business Impact level changes the previous trend and status 
report results, particularly the Business Risk metric: 


Summary of Vulnerabilities 


Total: 270 (+134) 0 Security Risk (Avo): BER 25 Business Risk: E anon 

by Status 

Status Confirmed Potential Total 
New 71 - 71 
Active 195 - 195 
Re-Opened 4 - 4 
Total 270 - 270 
Fixed a - 0 
Changed 75 - 75 


CVSS (Common Vulnerability Scoring System) 


Qualys displays CVSS v2 and CVSS v3 scores in reports. CVSS was commissioned by the 
National Infrastructure Advisory Counsel (NIAC) and is currently maintained by FIRST. 
CVSS is widely supported by security organizations and vendors including: CERT, Mitre, 
Cisco, Symantec, Microsoft and Qualys. 


Want to display CVSS scores in scan reports? First enable the CVSS Scoring feature for the 
subscription. Go to Reports > Setup > CVSS. Then select the “Enable CVSS Scoring” check 
box and click “Save”. Once enabled, CVSS scores will be calculated for vulnerability/host 
pairs and displayed in scan reports. 
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The following values are needed to calculate a CVSS score for a vulnerability: 


CVSS Base Score - The Base score measures the fundamental, unchanging qualities of a 
vulnerability. When the final CVSS score is calculated, the Base score is modified by the 
CVSS Temporal score and Environmental metrics. The Base score is provided by the 
service and assigned to vulnerabilities. 


CVSS Temporal Score - The Temporal score measures the time dependent qualities of a 
vulnerability, which may change over time. The temporal score allows for mitigating 
factors to reduce the overall CVSS score for a vulnerability. The Temporal score is provided 
by the service and assigned to vulnerabilities. 


CVSS Environmental Metrics - The CVSS Environmental Metric group captures the 
characteristics of a vulnerability that are associated with the user’s IT environment. Users 
define environmental metrics in asset groups. The metrics apply to all hosts in the asset 


group. 


In the sample scan report below, a final CVSS score of 6.6 is displayed for QID 90454 on IP 
10.10.24.54. See the vulnerability details for the CVSS Base and Temporal scores assigned 
to the vulnerability and the CVSS Environmental metrics assigned to the host’s asset 
group. 


High Severity Report 


Filey Viewr Helpy 


w 10.10.24.54 (2k3sp2-24-54.lab.ad.vuln.qa.qualys.com, Windows 2003 R2 Service Pack 2 
2K3SP2-24-54) 


w Vulnerabilities (4) HE 


> MMMM £ Microsoft Windows Remote Desktop Protocol Remote Code Execution Vulnerability (MS12- CVSS:6.3 New [apr] 
020) 
v BBM 5 Microsoft Windows Server Service Could Allow Remote Code Execution (MS08-067) New [>| 
First Detected: 05/17/2016 at 21:35:01 (GMT-0700) Last Detected: 05/17/2016 at 21:35:01 (GMT-0700) Times Detected: 1 
QID: 90464 CVSS Base: 10 
Category: Windows CVSS Temporal: 8.3 
CVEID: CVE-2008-4250 CVSS Environment: 
Vendor Reference M508-067 Asset Group: Asset Group 24 
Bugtraq ID: 31874 Collateral Damage Potential: Low-Medium 
Service Modified: 02/12/2009 Target Distribution: Medium 
User Modified: - Confidentiality Requirement: High 
Edited: No Integrity Requirement: High 
PCI Vuln: Yes Availability Requirement: High 
Ticket State: 


THREAT: 

The Microsoft Windows Server service provides RPC support, file print support and named pipe sharing over the network. The Server service allows the 
sharing of local resources (such as disks and printers) so that other users on the network can access them. It also allows named pipe communication 
between applications running on other computers and your computer, which is used for RPC. 

The Server service is vulnerable to remote code execution issue, due to the service not properly handling specially-crafted RPC requests. Any 
anonymous user who can deliver a specially-crafted message to the affected system could try to exploit this vulnerability. 

Windows XP Embedded Systems:- For additional information regarding security updates for embedded systems, refer to the following MSDN blog(s): 
December 2008 Updates are Available (including for XPe SP3 and Standard) (KB9S8644) 

October 2008 Security Updates Include a Bonus (KB958644) 


IMPACT: 
An attacker who successfully exploits this vulnerability could take complete control of the affected system. 


SOLUTION: 

Patch: 

Following are links for downloading patches to fix the vulnerabilities: 

MS08-067: Microsoft Windows 2000 Service Pack 4 

MS08-067: Windows XP Service Pack 2 

MS08-067: Windows XP Service Pack 3 X 
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Scorecard Reports 


Qualys provides template-based scorecard reports that can be used to communicate the 
state of security within the enterprise directly to persons in charge of security operations 
and business line owners. 


Scorecard reports provide vulnerability data and statistics appropriate for different 
business groups and functions. By configuring scorecard reports to use different views and 
asset groupings, you can create multiple reports based on the same data satisfying both 
security operations personnel and business line leaders. You can then share each 
generated report with the people who need it in a format that is meaningful to them. 


To run a scorecard report, go to VM/VMDR > Reports and select New > Scorecard Report. 
Select a report template on the left and then click Run to run the report. 


New Scorecard Report Launch Help 
Select a scorecard report from the list below. 
| Scorecard Reports 


| Scorecard Reports Preview 


Vulnerability Scorecard Report 
Ignored Vulnerabilities Report 
Most Prevalent Vulnerabilities Re 
Most Vulnerable Hosts Report 
Patch Report 

MVH - MS Vulns 

Vuln Report with Bus Risk Goal SE 


Vulnerability Scorecard Report a 


m 


i : i — © 
Description 


The Vulnerability Scorecard Report gives you the latest vulnerability status 
about selected asset groups or tags. You can create a copy of this template 
e that will give you additional options to monitor the performance of the various 
‘eel e teams in charge of the remediation of the vulnerabilities that must be fixed 
oan Dala per your organization's security policy. By configuring a business risk goal you ~ 


m > 


Run Cancel 


You'll be prompted to select hosts to report on and a report format. You can select hosts 
by asset group, asset tag or business unit. Asset tags can be selected when Asset Tagging 
has been added to your account and you have accepted the New Data Security Model (go 
to Users > Setup > Security for information). 


Do you want to create custom templates? Simply select a template title and then click Edit 


(under the list) and enter settings. Once saved you can run the template to create your 
report. 


A sample Vulnerability Scorecard Report is shown below. 
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Reporting and Remediation 


Risk Goal setting in the scorecard report template. 
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Filey View» Help: 
My Vulnerability Scorecard Report — "mm 
Type: Vulnerability Scorecard Report 
Report Title My Vulnerability Scorecard Report Company Qualys, Inc. = 
~ Report Settings 
Filter settings Display settings 
Source Asset Tags Business Risk Goal ON 
Operating System All Operating Systems Vulnerability Type ON 
Business Risk Goal 30% vulnerable hosts (less than or equal to) Vulnerability Status ON 
‘Vulnerability Age ON 
¥ Results Summary 
Vulnerability Distribution by Severity Vulnerability distribution by type 
E Severity 5 135 20% E Confirmed 692 100% 
E Severity 4 482 70% @ Potential 0 0% 
E Severity 3 67 10% Total 692 100% 
@ Severity 2 8 1% 
Total 692 100% 
Vulnerability distribution by status Vulnerability distribution by age 
E New 126 14% @ 30 days 126 18% 
@ Active 464 51% E 60 days 0 0% 
I Fixed 222 24% 90 days 566 82% 
BW ReOpened 102 11% Total 692 100% 
Total 914 100% 
v Detailed Results 
Asset Tag Severities Vulnerable Hosts Vulnerability Type Vulnerability Status Vulnerability Age 
Title Hosts Scanned Level 5 ~ Level 4 Level 3 Level2 Total Goal% Confirmed Potential New Active Fixed Re-Opened >30 days > 60 days > 90 days 
10.10.10 network 39 67 246 4 6 13 360 0 60 266 84 34 60 0 300 
Corporate Office 20 aM ns 13 1 6 166 0 33 99 e 34 33 o 133 
BU-West Coast 51 34 118 13 1 H 166 o 2 99 69 34 33 0 133 
Total 110 135 482 67 8 25 692 D 126 464 222 102 126 0 566 
D a gege gegen ge 
d O, 
In the Detailed Results you see the % of hosts that are vulnerable for each asset tag 
ncluded in the report. The pass (green) and fail (red) status is determined by the Business 
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Patch Reports 


The Qualys Patch Report is a new feature that helps you streamline the patching process 
and improve remediation efficiency. The patch report leverages standard Qualys 
capabilities to provide accurate, actionable and focused reports so you can quickly and 
efficiently remediate vulnerabilities without applying unneeded, redundant patches. 


For the most accurate results in your patch report, be sure that authenticated scanning is 
used to scan the target hosts. Using authenticated scanning allows the scanning engine to 
collect the most detailed information about each target host including the host's 
operating system. When this information is in your account, the service identifies the 
most appropriate missing patch(es) in your patch report. 


Your patch report can be saved in these formats: PDF, CSV and Online Report - this gives 
you an interactive report with numerous navigation options. 


A sample Online Patch Report is shown below. This report was generated using the 
template “Qualys Patch Report” provided by Qualys. In this report patches are grouped by 
host. The report summary shows: 467 total patches need to be applied to fix the 
vulnerabilities on the target hosts, 48 hosts require patches to be applied, and 566 
vulnerabilities will be addressed by applying the patches in the report. Host 10.10.24.203 
needs 9 patches applied and you can see details on these patches in the right pane. 


| á Report Summary 


Company: Qualys, Inc. 


Created by: Joe P Total Hosts Requiring Vulnerabilities 
aaa me aeroplanes Patches Patches Addressed 
Created on: 06/30/2016 


View Report Targets... 


PATCHES required on 10.10.24 203° (9) 


| 1P | DNS Name NetBIOS ` "OS Se | VendorID ` 1 Sev. | Die Published TZ 
10.10.24.176 0ral0204-24-176.p..._ ORA10204-... Windows 2003 Service Pac.. 12 “| Ms16-070 S Meer Een Gegen š 
10.10.24.181 mq-24-181 MQ-24-181 Windows 2003 Service Pac... 10 EE EE S 
10.10.24.68  com-sql-24-68.lab.a... COM-SQL-2... Windows 2003 Service Pac... 10 SENDADO. iG) ISAL ve P 
10.10.24.180 mq-24-180 MQ-24-180 Windows 2003 Service Pac.. 10 EE EE i 
10.10.24.195 weblogic-24-195 WEBLOGIC-... Windows 2003 Service Pac... 10 DEE A. More Ranae tee. ge ops i 
10.10.24.69  com-sal-24-69 COM-SQL-2... Windows 2003 Service Pac... 9 eer 5 Microsoft Windows 2008 RZ Service Pac... 5S years ae A 


10,10.24.203 2k8sp0-24-203 


Windows 2008 Enterprise S... 


MS12-020 5 Microsoft Windows Remote Desktop Pro... 4 years ago 1 
10.10.24.199 mssql2k8-24-199.pa... MSSQL2K8-... Windows 2003 Service Pac... 9 MS13-006 3 Microsoft Windows Security Feature Byp... 3 years ago 1 
10.10.24.204 2k8sp0-24-204 2K8SP0-24-... Windows 2008 Enterprise S... 9 MS15-127 5 Microsoft Windows DNS Server Remote ... 205 days ago 1 
10.10.24.14 Linux 2.4-2.6 / Embedded D... 8 
10.10.24.230 com-test-dc-24-230... COM-TEST-... Windows 2003 Service Pac... 8 
10.10.24.75 2k3sp2-24-75-p.2k3... 2K3SP2-24-... Windows 2003 Service Pac... 7 = 
Page 4 /of2| > Dil || Filter x 1-250f48 | | Page 1of1 | || Filter x 1-90f9 
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Reporting Summary 


Qualys’s highly flexible, comprehensive reporting capabilities distinguish it from other 
Vulnerability Management solutions. Report Share functionality provides Enterprise users 
with a centralized location for sharing reports with other users. Template based reports 
and Scorecard reports are available for reporting on vulnerability scan data in your 
account. The Qualys Patch Report helps you streamline the patching and remediation 
process. The Template Library includes pre-defined report templates that you can import 
and use as is or edit as needed. 


Remediation Summary 


Qualys provides a remediation process that allows you to close the loop in your 
Vulnerability Management process. This is done with powerful capabilities, such as 
automatic ticket generation, that separates Qualys from other solutions. User defined 
policy rules define the conditions that must be met for a ticket to be created (what 
vulnerabilities detected, on what assets). Tickets are auto created and you'll see Open 
tickets assigned to you. By default tickets are closed once the vulnerability is confirmed 
fixed in subsequent scan. 


VMDR- ov Help w | Patrick Slimmer (quays_xt49) w Logout 


Dashboard Vulnerabilities Prioritization Scans Reports ( Remediation) Assets KnowledgeBase Users 


S$ RELI Tickets Policies Setup 
New v || Search || Fitters w 
Displaying tickets modified within the last 30 days. Use Setup menu to change. 
Ticket# State Due Date» IP Port# Instance DNSHostname NetBIOS Hostname Severity QID Vulnerability Title Owner Modified Created Resolved 


000002 Open 04/16/2020 10.10.10.11 2k8r2-u-10-11 2K8R2-U-10-11 EENEN 5 91041 Microsoft Windows Patrick Slimmer 04/09/2020 04/09/2020 
HTTP.sys Remote Code 
Execution Vulnerability 
(MS15-034) 

000001 Open 04/16/2020 10.10.10.11 2k8r2-u-10-11 2K8R2-U-10-11 BIB 5 91345 Microsoft SMB Server Patrick Slimmer 04/09/2020 04/09/2020 
Remote Code Execution 
Vulnerability (MS17-010) 
and Shadow Brokers 
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Wait, there’s more! 
Policy Compliance 


Wait, there’s more! 


Thank you for evaluating the Qualys Cloud Platform! There’s more you can explore. 


Policy Compliance 


Qualys Policy Compliance (PC) supports auditing host configurations and measuring their 
level of compliance with internal and external policies based on the latest security 
benchmarks and standards and centrally tracking compliance status of all your assets. 


Qualys also offers Qualys Security Configuration Assessment (SCA) - this is a lightweight 
service that can quickly perform the configuration assessment of IT assets and centrally 
track compliance status of all your assets on basis of CIS hardening benchmarks. 


To access policy compliance features, select the Policy Compliance application from the 
picker. You'll see PC workflows along the top menu. 


Policy Compliance v 


Dashboard Policies Scans Reports Exceptions Assets Users 


RISCH Policies Controls Mandates Setup 
| New || Search| | Fiters w 
Title e ® Created By 


First Policy rod Patrick Slimmer 
Linux Policy o Patrick Slimmer 


Windows Policy Lei Patrick Slimmer 


Get informed quickly with video tutorials. 


Video Tutorials 
Policy Compliance Video Library 


Looking for something more? Check out these resources. 


User Documentation 
Policy Compliance Getting Started Guide 
Security Configuration Assessment Getting Started Guide 


Wait, there’s more! 
Add Cloud Agents 


Add Cloud Agents 


Qualys Cloud Agent (CA) extends your security throughout your global enterprise. These 
lightweight agents are remotely deployable, centrally managed and self-updating. They 
collect the data and automatically beam it up to the Qualys Cloud Platform, which 
continuously analyzes and correlates the information in order to help you identify threats 


and eliminate vulnerabilities. 


CA lets you get data for all kinds of assets - on your on-premise systems, dynamic cloud 
environments and mobile endpoints. 


Get informed quickly with video tutorials. 


Video Tutorials 
Cloud Agent Video Library 


Looking for something more? Check out these resources. 


User Documentation 


Cloud Agent Getting Started Guide 
Cloud Agent API User Guide 
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Wait, there’s more! 
Get Real-Time Security Alerts 


Get Real-Time Security Alerts 


Qualys Continuous Monitoring (CM) sends new security alerts when certain information is 
found by the Qualys Cloud Platform. You can choose to track changes on hosts, 
vulnerabilities and more. 


It’s easy to get started! Jump over to the Continuous Monitoring app. You'll create a ruleset 
(what you want to be alerted on) and a monitoring profile (which hosts you want to 
monitor and who should be notified). Alerts will be generated as soon as scan results are 
processed. 


Ruleset Builder: My First Ruleset 


Launch help 
Add one or more rules to this ruleset. Each rule describes an event you want to be alerted on. 


Title* My First Ruleset 


Description 


This is where you add and customize rules. Your rules can be simple (any new vulnerability) or complex (any new severity 5 vulnerability on a Linux host). 


Rule Types v Rule 1: New or Reopened Vulnerability Remove X 


T When a vulnerability is* [V] New E] Fixed E Active Vi Reopened 


+ Add Criteria ~ 
Vulnerabilty 


> Rule 2: Opened Port / Service Remove x 
N > Rule 3: Expired or Expiring Certificate Remove X 
Dest 


> Rule 4; New Host Remove x 
Port / Service 


lo 


Software Ticket 


Get informed quickly with video tutorials. 


Video Tutorials 


Compliance Monitoring 
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Wait, there’s more! 
Scan Your Web Apps and APIs for Vulnerabilities 


Scan Your Web Apps and APIs for Vulnerabilities 


Web apps, often plagued by vulnerabilities and misconfigurations due to poor coding and 
faulty hardening policies, can be put on your network by almost anyone. Large 
organizations have hundreds, even thousands of apps. Qualys WAS gives you visibility and 
control by finding official and “unofficial” apps throughout your environment, and letting 
you categorize them. 


Unsafe web applications and APIs offer hackers an attractive attack surface and 
convenient entry point into your IT environment. When breached, web apps can expose 
massive amounts of confidential business data. Qualys WAS protects you with incisive, 
thorough, precise scans, scaling up to thousands of web apps and with few false positives. 
Detects OWASP Top 10 risks such as SQL injection, cross-site scripting (XSS), cross-site 
request forgery (CSRF) and unvalidated redirection. 


Get informed quickly with video tutorials. 


Video Tutorials 
Web Application Scanning Video Library 


Looking for something more? Check out these resources. 


User Documentation 


WAS Getting Started Guide 
WAS API User Guide 
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Support and Training 
Contact Support 


Support and Training 


Contact Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 24 
hours a day. Access online support information at www.qualys.com/support/. 


Free Training and Certification 
Browse our Training video library and take online self-paced training for free. 


Training and Certification 


Our Online Community 
Learn from other security professionals like yourself. 


Qualys Community 


Looking for user guides? 
Download API guides, Scanner Appliance guides, Quick Starts, and more. 


Qualys Documentation 


New Feature Announcements and Platform Status 


These additional resources will help you stay informed about new features, API changes 
and platform status. 


Release Notes 
New Feature Announcements on Qualys Blog 
API Notifications 


Platform Status 
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